Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block Directory Views and Traversal in File Browser #3614

Open
Oglopf opened this issue Jun 18, 2024 · 2 comments
Open

Block Directory Views and Traversal in File Browser #3614

Oglopf opened this issue Jun 18, 2024 · 2 comments
Labels
area/security community request component/file_browser
Milestone
Backlog

Comments

@Oglopf
Copy link
Contributor

Oglopf commented Jun 18, 2024

We had a community request come in asking if we could add the ability to the file explorer of not allowing users to traverse directory structures they do not have read access on:
https://discourse.openondemand.org/t/file-explorer-capping/3570

So instead of the current behavior of allowing the user to traverse into something like /etc without read permissions, a site could flip some bit to have the read permission checked and prevent this traversal instead or outright block the presentation of the directory in question.
@osc-bot osc-bot added this to the Backlog milestone Jun 18, 2024
@johrstrom
Copy link
Contributor

Isn't this allowlists?

https://osc.github.io/ood-documentation/latest/customizations.html?#block-or-allow-directory-access

@Christian-bustelo
Copy link

Good morning!
I have checked this and indeed it is already implemented. Thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security community request component/file_browser
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@johrstrom @Oglopf @osc-bot @Christian-bustelo