YunoHost/package_linter
1
0
Fork 0
mirror of https://github.com/YunoHost/package_linter.git synced 2024-09-03 20:06:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix an edge case of path traversal detection

Browse source
This commit is contained in:
Alexandre Aubin 2020-10-08 16:06:19 +02:00
parent 79c52b28c7
commit 01adf07c5e
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
package_linter.py
View file

@ -526,6 +526,9 @@ class App(TestSuite):
for block in nginxconf:
for location, alias in find_location_with_alias(block):
# Ignore locations which are regexes..?
if location.startswith("^") and location.endswith("$"):
continue
alias_path = alias[-1]
# For path traversal issues to occur, both of those are needed :
# - location /foo { (*without* a / after foo)