psc-package icon indicating copy to clipboard operation
psc-package copied to clipboard

Published 20 hours ago verified publisher icon purescript

Directory name bug

Open paf31 opened this issue 7 years ago • 3 comments

We construct several directory and file paths using </>. If a package set, package or tag name has path parts in its name such as .., then this allows psc-package to create files outside the project directory. This is obviously a bug, and possibly a security issue, so we should disallow such filenames.

paf31 avatar May 07 '17 22:05 paf31

Interested in taking a stab at this. How about newtypes and smart constructors for each of those three things?

hdgarrood avatar May 14 '17 14:05 hdgarrood

Yes I think so.

paf31 avatar May 14 '17 19:05 paf31

Is there anything more to do here, or has this been solved by the PR?

justinwoo avatar Feb 02 '19 12:02 justinwoo