Project

General

Profile

Actions

Architecture #27402

open

We need to resolve directory real path in our path trasversal check

Added by François ARMAND 4 days ago. Updated 4 days ago.

Status:
Pending release
Priority:
N/A
Category:
Security
Target version:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

In #26957 and related ticket, we added some tooling to avoid that a file resolution escape a parent folder.
But the parent folder isn't resoleved to its real path, which means that if it is a linked to some directory, then the sanitize function is always failing.

Actions #1

Updated by François ARMAND 4 days ago

  • Status changed from New to In progress
Actions #2

Updated by François ARMAND 4 days ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Clark ANDRIANASOLO
  • Pull Request set to https://github.com/Normation/rudder/pull/6558
Actions #3

Updated by Anonymous 4 days ago

  • Status changed from Pending technical review to Pending release
Actions

Also available in: Atom PDF