Valid the input path from header 'x-pghoard-target-path' #608

Merged 1 commit on Dec 15, 2023

@0xlianhu (Contributor) commented Dec 4, 2023

Security: validate input target path from HTTP header x-pghoard-target-path

@0xlianhu marked this pull request as draft December 4, 2023 23:34
@0xlianhu force-pushed the 0xlianhu-BF-2344-security-validate-input-path branch 6 times, most recently from 3480d77 to f744e5c December 7, 2023 15:50
@0xlianhu requested a review from a team December 7, 2023 15:52
@codecov-commenter

Codecov Report

Merging #608 (f744e5c) into main (ae00595) will decrease coverage by 0.20%.
Report is 2 commits behind head on main.
The diff coverage is 100.00%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #608      +/-   ##
==========================================
- Coverage   91.33%   91.14%   -0.20%     
==========================================
  Files          32       32              
  Lines        4731     4730       -1     
==========================================
- Hits         4321     4311      -10     
- Misses        410      419       +9     
| Files | Coverage Δ |
|---|---|
| pghoard/transfer.py | 98.69% <100.00%> (ø) |
| pghoard/webserver.py | 89.11% <100.00%> (+0.15%) ⬆️ |

... and 7 files with indirect coverage changes

@0xlianhu marked this pull request as ready for review December 7, 2023 16:21
@0xlianhu force-pushed the 0xlianhu-BF-2344-security-validate-input-path branch from f744e5c to b3f6cfc December 7, 2023 16:36
@rdunklau (Contributor) left a comment

Some questions about the validation of paths.

@0xlianhu force-pushed the 0xlianhu-BF-2344-security-validate-input-path branch from b3f6cfc to 132c716 December 11, 2023 14:46
@0xlianhu requested a review from rdunklau December 11, 2023 14:48
@0xlianhu force-pushed the 0xlianhu-BF-2344-security-validate-input-path branch from 132c716 to 3fbc406 December 12, 2023 08:48
@0xlianhu force-pushed the 0xlianhu-BF-2344-security-validate-input-path branch from 3fbc406 to 0e9ddce December 12, 2023 09:32
@0xlianhu force-pushed the 0xlianhu-BF-2344-security-validate-input-path branch from 0e9ddce to e21dcaa December 12, 2023 09:35
@rdunklau merged commit ad8bc84 into main Dec 15, 2023
7 checks passed
@rdunklau deleted the 0xlianhu-BF-2344-security-validate-input-path branch December 15, 2023 09:18