Bug #24011

closed

Archiving allows to read inconsistent active technique category ids

Added by Clark ANDRIANASOLO 3 months ago. Updated about 1 month ago.

Status: Released
Priority: N/A
Category: Web - Maintenance
Target version:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Effort required: Small
Priority: 0
Name check: To do
Fix check: Checked
Regression: No

Description

When importing an archive from git, the id of the active technique category is never sanitized, and it could lead to inconsistent behavior like creating other directories outside /var/rudder/configuration-repository when restoring the archive, e.g. when an id contains relative file path characters.

Actions #1

Updated by Clark ANDRIANASOLO 3 months ago

  • Status changed from New to In progress

Actions #2

Updated by Clark ANDRIANASOLO 3 months ago

  • Description updated (diff)

Actions #3

Updated by Clark ANDRIANASOLO 3 months ago

  • Description updated (diff)

Actions #4

Updated by Clark ANDRIANASOLO 3 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder/pull/5314

Actions #5

Updated by Vincent MEMBRÉ 2 months ago

  • Target version changed from 7.3.11 to 7.3.12

Actions #6

Updated by Clark ANDRIANASOLO 2 months ago

  • Status changed from Pending technical review to Pending release

Actions #7

Updated by Clark ANDRIANASOLO about 2 months ago

  • Fix check changed from To do to Checked

It no longer creates additional files when hacking the XML content in the configuration-repository: the /home/user/test.xml file is no longer created when I edit a directive to have an id ../../../../../../home/user/test, and I archive and then re-import the archive.

(not sure though why the error is silent)

Actions #8

Updated by Vincent MEMBRÉ about 1 month ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.3.12 and 8.0.6 which were released today.
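
An added example, not part of this issue or of Rudder's own code: one way to validate ids read from an archive before they are used as directory names under the repository root, reporting rejected ids instead of dropping them silently. The allow-list pattern and all function names are assumptions; the root path and the traversal id are the ones quoted in this issue.

```python
import re
from pathlib import Path

# Repository root named in the issue description.
REPO_ROOT = Path("/var/rudder/configuration-repository")

# Assumed allow-list for ids (hypothetical, not Rudder's actual rule):
# one alphanumeric, then alphanumerics, '_', '-' or '.'.
SAFE_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,254}")


class UnsafeId(ValueError):
    """Raised when an id from an archive cannot be mapped inside the root."""


def is_contained(root: Path, candidate: Path) -> bool:
    """True if candidate, once '..' and symlinks are resolved, is below root."""
    base = root.resolve()
    return base in candidate.resolve().parents


def category_dir(category_id: str, root: Path = REPO_ROOT) -> Path:
    """Map a category id to its directory, rejecting anything unsafe."""
    if not SAFE_ID.fullmatch(category_id):
        raise UnsafeId(f"id {category_id!r} has characters outside the allow-list")
    target = root / category_id
    # Second layer: catches symlinked directories the allow-list cannot see.
    if not is_contained(root, target):
        raise UnsafeId(f"id {category_id!r} resolves outside {root}")
    return target


def check_archive_ids(ids, root: Path = REPO_ROOT):
    """Return (accepted, rejected) so a bad id is reported, not silently skipped."""
    accepted, rejected = {}, {}
    for cid in ids:
        try:
            accepted[cid] = category_dir(cid, root)
        except UnsafeId as err:
            rejected[cid] = str(err)
    return accepted, rejected


# Constructed sample: the second id is the one quoted in the fix check above.
SAMPLE_IDS = ["systemSettings", "../../../../../../home/user/test", "..", "a/b", ""]

if __name__ == "__main__":
    ok, bad = check_archive_ids(SAMPLE_IDS)
    for reason in bad.values():
        print("REJECTED:", reason)
```

The containment check is kept separate from the allow-list so that it still holds if the accepted id alphabet is later widened.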
