Posted to dev@ranger.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2017/03/13 10:39:18 UTC

Review Request 57553: RANGER-1450 - Avoid path traversal attacks when reading XML files

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57553/
-----------------------------------------------------------

Review request for ranger.


Bugs: RANGER-1450
    https://issues.apache.org/jira/browse/RANGER-1450


Repository: ranger


Description
-------

This task is to avoid potential path traversal attacks when parsing XML configuration files. The fix is just to take the last part of the "path" that is supplied.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/util/XMLUtils.java 4647004 


Diff: https://reviews.apache.org/r/57553/diff/1/


Testing
-------


Thanks,

Colm O hEigeartaigh
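
The approach named in the description above (keep only the last part of a supplied "path"), sketched as an added example; the diff itself is not reproduced on this page, so this is not the RANGER-1450 patch or Ranger code. The class, method and file names and the sample inputs are hypothetical, and the containment check in openConfig goes beyond what the description states.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; all names here are hypothetical, not taken from Ranger.
public class ConfigNameSanitizer {

    // Reduce a caller-supplied "path" to its final component, treating both
    // '/' and '\' as separators regardless of the host OS.
    static String lastPathPart(String supplied) {
        if (supplied == null) {
            throw new IllegalArgumentException("no config name supplied");
        }
        int cut = Math.max(supplied.lastIndexOf('/'), supplied.lastIndexOf('\\'));
        String name = supplied.substring(cut + 1);
        // What is left can still be empty or a directory reference; reject those.
        if (name.isEmpty() || name.equals(".") || name.equals("..")
                || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("not a file name: " + supplied);
        }
        return name;
    }

    // Resolve the sanitized name inside a trusted directory and confirm the
    // result is still under that directory before opening it.
    static InputStream openConfig(Path trustedDir, String supplied) throws IOException {
        Path base = trustedDir.toAbsolutePath().normalize();
        Path target = base.resolve(lastPathPart(supplied)).normalize();
        if (!target.startsWith(base)) {
            throw new IOException("resolved outside config directory: " + supplied);
        }
        return Files.newInputStream(target);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain names, nested names, traversal attempts.
        String[] samples = {"policy-config.xml", "conf/policy-config.xml",
                            "../../etc/passwd", "..\\..\\secret.xml", "conf/.."};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + lastPathPart(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Path.normalize() is purely lexical and does not follow symbolic links, so a symlink placed inside the trusted directory is outside what this check covers.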


Re: Review Request 57553: RANGER-1450 - Avoid path traversal attacks when reading XML files

Posted by Qiang Zhang <zh...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57553/#review174298
-----------------------------------------------------------


Ship it!




- Qiang Zhang


On March 13, 2017, 10:39 a.m., Colm O hEigeartaigh wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57553/
> -----------------------------------------------------------
> 
> (Updated March 13, 2017, 10:39 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1450
>     https://issues.apache.org/jira/browse/RANGER-1450
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> This task is to avoid potential path traversal attacks when parsing XML configuration files. The fix is just to take the last part of the "path" that is supplied.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/XMLUtils.java 4647004 
> 
> 
> Diff: https://reviews.apache.org/r/57553/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>