Implemented possible solution for path traversal

Open chris18191 opened this issue 5 years ago • 3 comments

Jul 01 '20 11:07 chris18191

It seems like you addressed the path traversal issue only in a single endpoint. Looking through endpoints.py, it seems that most API endpoints work rather similarly and possibly share the same issue.

Jul 01 '20 19:07 erikgeiser

I added a new function to generate valid paths or return None if the path is not valid, e.g. it is no subdirectory of the given folder. Errors can now also easily be visualized by calling rendeError, which makes use of Semantics error message.

Jul 02 '20 11:07 chris18191

I added a new function to generate valid paths or return None if the path is not valid, e.g. it is no subdirectory of the given folder. Errors can now also easily be visualized by calling rendeError, which makes use of Semantics error message.

@chris18191 First of all, thank you very much for your efforts. I see you're using lower camel-case everywhere. I did not want to mention every method in the review. Could you adapt it to the Python convention? Unfortunately, I will not be able to do an extensive review before the weekend.

Jul 02 '20 15:07 schenkd
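
One way to write the check described in the thread, as an added example that is not nginx-ui's own code: a helper that returns None unless the requested path resolves to a location below the base folder, so every endpoint can share it. The names `resolve_inside` and `demo` and the directory layout are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_inside(base_dir: str, user_path: str) -> Optional[Path]:
    """Return the resolved path if it lies strictly below base_dir, else None."""
    if "\x00" in user_path:
        return None  # embedded NUL bytes are never a valid file name
    base = Path(base_dir).resolve()
    # Joining with an absolute user_path discards base; resolve() then
    # collapses ".." and follows symlinks, so the check sees the real target.
    candidate = (base / user_path).resolve()
    # Compare path components, not string prefixes: "/srv/conf-evil" starts
    # with "/srv/conf" as a string but is not inside that folder.
    if candidate == base or base not in candidate.parents:
        return None
    return candidate


def demo() -> dict:
    """Run constructed inputs against a temporary directory tree."""
    with tempfile.TemporaryDirectory() as root:
        conf = Path(root, "conf")
        conf.mkdir()
        Path(root, "conf-evil").mkdir()          # sibling sharing the prefix
        (conf / "site.conf").write_text("server {}\n")
        secret = Path(root, "secret")
        secret.write_text("outside the config folder\n")
        os.symlink(secret, conf / "link")        # symlink pointing outside conf
        cases = {
            "plain file": "site.conf",
            "new file in subfolder": "sub/new.conf",
            "dot-dot": "../secret",
            "prefix sibling": "../conf-evil/x.conf",
            "absolute path": str(secret),
            "symlink escape": "link",
            "empty (the folder itself)": "",
            "NUL byte": "site.conf\x00.png",
        }
        return {name: resolve_inside(str(conf), path) is not None
                for name, path in cases.items()}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:28} {'accepted' if accepted else 'rejected'}")
```

Calling the same helper at the top of each endpoint that builds a file path from request data keeps the check from being fixed in one place and missed in the others.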