Directory name bug #21

paf31 · 2017-05-07T22:14:06Z

We construct several directory and file paths using </>. If a package set, package or tag name has path parts in its name such as .., then this allows psc-package to create files outside the project directory. This is obviously a bug, and possibly a security issue, so we should disallow such filenames.

The text was updated successfully, but these errors were encountered:

hdgarrood · 2017-05-14T14:25:10Z

Interested in taking a stab at this. How about newtypes and smart constructors for each of those three things?

paf31 · 2017-05-14T19:36:14Z

Yes I think so.

Part of #21; this does not fully fix #21 as it only addresses package names.

justinwoo · 2019-02-02T12:24:03Z

Is there anything more to do here, or has this been solved by the PR?

paf31 added the bug label May 7, 2017

hdgarrood added a commit that referenced this issue May 21, 2017

Add a newtype for package names

1ff6820

Part of #21; this does not fully fix #21 as it only addresses package names.

hdgarrood mentioned this issue May 21, 2017

Add a newtype for package names #29

Merged

paf31 closed this as completed in #29 May 27, 2017

paf31 pushed a commit that referenced this issue May 27, 2017

Add a newtype for package names (#29)

f59ea9a

Part of #21; this does not fully fix #21 as it only addresses package names.

paf31 reopened this May 27, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Directory name bug #21

Directory name bug #21

paf31 commented May 7, 2017

hdgarrood commented May 14, 2017

paf31 commented May 14, 2017

justinwoo commented Feb 2, 2019

Directory name bug #21

Directory name bug #21

Comments

paf31 commented May 7, 2017

hdgarrood commented May 14, 2017

paf31 commented May 14, 2017

justinwoo commented Feb 2, 2019