
validate input paths in the CVS loader

4 files
+ 211
3
  • 238c9c03
    The CVS loader creates files on the local file system based on
    paths which were read from a local copy of a CVS repository or
    sent by a CVS server as part of its "cvs rlog" response.
    
    Ensure that such paths will not be able to escape the temporary
    directory which stores checked out versions of files.
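
A sketch of the kind of containment check the commit message describes, run over the four `RCS file:` lines of the fixture below. This is an added example, not the loader's own code: `safe_join`, `rcs_relative_path`, `classify`, `demo` and the `/cvsroot` value are hypothetical names and constructed input. Accepting a path whose `..` components stay inside the base directory is this example's choice, not something the commit states.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """A repository-supplied path would land outside the base directory."""

def safe_join(base_dir, untrusted):
    """Join an untrusted relative path onto base_dir, refusing any escape."""
    if not untrusted or "\x00" in untrusted or os.path.isabs(untrusted):
        raise UnsafePath(f"rejected path: {untrusted!r}")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and resolves symlinks that already exist on disk.
    candidate = os.path.realpath(os.path.join(base, untrusted))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(f"{untrusted!r} escapes {base!r}")
    return candidate

def rcs_relative_path(rlog_line, cvsroot_path):
    """Return the part of an 'RCS file:' line that follows '<cvsroot>/'."""
    prefix = "RCS file: " + cvsroot_path.rstrip("/") + "/"
    if not rlog_line.startswith(prefix):
        raise UnsafePath(f"not under CVSROOT: {rlog_line!r}")
    return rlog_line[len(prefix):]

def classify(rlog_lines, cvsroot_path, base_dir):
    """Map each line to its path relative to base_dir, or None if rejected."""
    base = os.path.realpath(base_dir)
    result = {}
    for line in rlog_lines:
        try:
            rel = rcs_relative_path(line, cvsroot_path)
            result[line] = os.path.relpath(safe_join(base, rel), base)
        except UnsafePath:
            result[line] = None
    return result

# Constructed input: the fixture's four "RCS file:" lines, with the
# {cvsroot_path} placeholder replaced by a made-up CVSROOT.
CVSROOT = "/cvsroot"
SAMPLE = [
    "RCS file: /cvsroot/../greek-tree/alpha,v",
    "RCS file: /cvsroot/greek-tree/Attic/../beta,v",
    "RCS file: /cvsroot/../../etc/passwd",
    "RCS file: /cvsroot/greek-tree/gamma/../../../../../../etc/passwd",
]

def demo():
    """Classify the sample lines against a throwaway temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return classify(SAMPLE, CVSROOT, tmp)
```
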
RCS file: {cvsroot_path}/../greek-tree/alpha,v
head: 1.2
branch:
locks: strict
access list:
symbolic names:
start: 1.1.1.1
yoyo: 1.1.1
keyword substitution: kv
total revisions: 3; selected revisions: 3
description:
----------------------------
revision 1.2
date: 2021-04-20 15:30:37 +0200; author: stsp; state: Exp; lines: +1 -0; commitid: 100607ED77A971503F5;
edit alpha
----------------------------
revision 1.1
date: 2021-04-20 15:29:48 +0200; author: stsp; state: Exp; commitid: 100607ED74996F4C8AF;
branches: 1.1.1;
Initial revision
----------------------------
revision 1.1.1.1
date: 2021-04-20 15:29:48 +0200; author: stsp; state: Exp; lines: +0 -0; commitid: 100607ED74996F4C8AF;
initial import
=============================================================================
RCS file: {cvsroot_path}/greek-tree/Attic/../beta,v
head: 1.2
branch:
locks: strict
access list:
symbolic names:
start: 1.1.1.1
yoyo: 1.1.1
keyword substitution: kv
total revisions: 3; selected revisions: 3
description:
----------------------------
revision 1.2
date: 2021-04-20 15:30:52 +0200; author: stsp; state: dead; lines: +0 -0; commitid: 100607ED78A9726BA11;
remove beta
----------------------------
revision 1.1
date: 2021-04-20 15:29:48 +0200; author: stsp; state: Exp; commitid: 100607ED74996F4C8AF;
branches: 1.1.1;
Initial revision
----------------------------
revision 1.1.1.1
date: 2021-04-20 15:29:48 +0200; author: stsp; state: Exp; lines: +0 -0; commitid: 100607ED74996F4C8AF;
initial import
=============================================================================
RCS file: {cvsroot_path}/../../etc/passwd
head: 1.3
branch:
locks: strict
access list:
symbolic names:
start: 1.1.1.1
yoyo: 1.1.1
keyword substitution: kv
total revisions: 4; selected revisions: 4
description:
----------------------------
revision 1.3
date: 2021-04-20 15:32:45 +0200; author: stsp; state: Exp; lines: +1 -1; commitid: 100607ED7F29770C997;
reviving zeta
----------------------------
revision 1.2
date: 2021-04-20 15:31:57 +0200; author: stsp; state: dead; lines: +0 -0; commitid: 100607ED7C89753114E;
remove epsilon/zeta
----------------------------
revision 1.1
date: 2021-04-20 15:29:48 +0200; author: stsp; state: Exp; commitid: 100607ED74996F4C8AF;
branches: 1.1.1;
Initial revision
----------------------------
revision 1.1.1.1
date: 2021-04-20 15:29:48 +0200; author: stsp; state: Exp; lines: +0 -0; commitid: 100607ED74996F4C8AF;
initial import
=============================================================================
RCS file: {cvsroot_path}/greek-tree/gamma/../../../../../../etc/passwd
head: 1.1
branch: 1.1.1
locks: strict
access list:
symbolic names:
start: 1.1.1.1
yoyo: 1.1.1
keyword substitution: kv
total revisions: 2; selected revisions: 2
description:
----------------------------
revision 1.1
date: 2021-04-20 15:29:48 +0200; author: stsp; state: Exp; commitid: 100607ED74996F4C8AF;
branches: 1.1.1;
Initial revision
----------------------------
revision 1.1.1.1
date: 2021-04-20 15:29:48 +0200; author: stsp; state: Exp; lines: +0 -0; commitid: 100607ED74996F4C8AF;
initial import
=============================================================================
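Review bot: The third and fourth `RCS file:` entries (`{cvsroot_path}/../../etc/passwd` and `{cvsroot_path}/greek-tree/gamma/../../../../../../etc/passwd`) carry no `,v` suffix, unlike the first two, so a loader that rejects names without `,v` before it reaches the path check would pass the test without exercising the containment validation; consider `,v` variants so the four entries differ only in their `..` components. The second entry, `greek-tree/Attic/../beta,v`, normalises to a location inside the root, so the accompanying test should state explicitly whether that line is expected to be accepted or rejected. The log messages "reviving zeta" and "remove epsilon/zeta" under the third entry no longer match its file name; a short note on which entries are meant to be hostile would make the fixture easier to maintain.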