Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Control the process id in config.json files #4525

Closed
freddidierRTE opened this issue May 26, 2023 · 1 comment · Fixed by #4602
Closed

Control the process id in config.json files #4525

freddidierRTE opened this issue May 26, 2023 · 1 comment · Fixed by #4602
Assignees
@vlo-rte
Labels
Enhancement New feature LetsCo Issues needed for letscoordinate project

Comments

@freddidierRTE
Copy link
Contributor

freddidierRTE commented May 26, 2023
edited

check id does not contain ( # , ? , / , \ ) when pushing a bundle to business config
@freddidierRTE freddidierRTE added the Enhancement New feature label May 26, 2023
vlo-rte added a commit that referenced this issue Jun 13, 2023
@vlo-rte
Control the process id in config.json files (#4525)
ea88248 
Signed-off-by: vlo-rte <valerie.longa@rte-france.com>
@vlo-rte vlo-rte mentioned this issue Jun 13, 2023
Merged
@vlo-rte vlo-rte linked a pull request Jun 13, 2023 that will close this issue
Control the process id in config.json files (#4525) #4602
Merged
@OlivierVoron
Copy link

OlivierVoron commented Jun 14, 2023
edited

Protect the following entry points from misusage and path manipulation: disallow directory traversal characters (#, ?, /, ) to avoid the possibility to alter another directory that is not the one that is used for bundle storage + check the content type of the file provided as it should be considered possible tainted

  • BusinessconfigController.uploadBundle
  • ProcessServices.updateProcess0
  • any other entry point like these

@freddidierRTE freddidierRTE added the LetsCo Issues needed for letscoordinate project label Jun 14, 2023
vlo-rte added a commit that referenced this issue Jun 14, 2023
@vlo-rte
Control the process id in config.json files (#4525)
9e34818 
Signed-off-by: vlo-rte <valerie.longa@rte-france.com>
freddidierRTE pushed a commit that referenced this issue Jun 14, 2023
@vlo-rte @freddidierRTE
Control the process id in config.json files (#4525)
b435cfc 
Signed-off-by: vlo-rte <valerie.longa@rte-france.com>
vlo-rte added a commit that referenced this issue Jun 14, 2023
@vlo-rte
Control the process id in config.json files (#4525)
a31d5ce 
Signed-off-by: vlo-rte <valerie.longa@rte-france.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vlo-rte vlo-rte

Labels
Enhancement New feature LetsCo Issues needed for letscoordinate project
Projects
No open projects
OperatorFabric Release 4.0.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Control the process id in config.json files (#4525) opfab/operatorfabric-core
3 participants
@vlo-rte @freddidierRTE @OlivierVoron