YunoHost/package_linter
1
0
Fork 0
mirror of https://github.com/YunoHost/package_linter.git synced 2024-09-03 20:06:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix false positive warning for path traversal issue

Browse source
This commit is contained in:
Alexandre Aubin 2021-10-10 16:38:01 +02:00
parent 97f2441cf4
commit e07d9c5133
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
package_linter.py
View file

@ -902,6 +902,11 @@ class Configurations(TestSuite):
if location.startswith("^") and location.endswith("$"): if location.startswith("^") and location.endswith("$"):
continue continue
alias_path = alias[-1] alias_path = alias[-1]
# Ugly hack to ignore cases where aliasing to a specific file (e.g. favicon.ico or foobar.html)
if "." in alias_path[-5]:
continue
# For path traversal issues to occur, both of those are needed: # For path traversal issues to occur, both of those are needed:
# - location /foo { (*without* a / after foo) # - location /foo { (*without* a / after foo)
# - alias /var/www/foo/ (*with* a / after foo) # - alias /var/www/foo/ (*with* a / after foo)