You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2017/03/13 10:39:18 UTC
Review Request 57553: RANGER-1450 - Avoid path traversal attacks when
reading XML files
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57553/
-----------------------------------------------------------
Review request for ranger.
Bugs: RANGER-1450
https://issues.apache.org/jira/browse/RANGER-1450
Repository: ranger
Description
-------
This task is to avoid potential path traversal attacks when parsing XML configuration files. The fix is just to take the last part of the "path" that is supplied.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/XMLUtils.java 4647004
Diff: https://reviews.apache.org/r/57553/diff/1/
Testing
-------
Thanks,
Colm O hEigeartaigh
Re: Review Request 57553: RANGER-1450 - Avoid path traversal attacks
when reading XML files
Posted by Qiang Zhang <zh...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57553/#review174298
-----------------------------------------------------------
Ship it!
- Qiang Zhang
On March 13, 2017, 10:39 a.m., Colm O hEigeartaigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57553/
> -----------------------------------------------------------
>
> (Updated March 13, 2017, 10:39 a.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-1450
> https://issues.apache.org/jira/browse/RANGER-1450
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This task is to avoid potential path traversal attacks when parsing XML configuration files. The fix is just to take the last part of the "path" that is supplied.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/XMLUtils.java 4647004
>
>
> Diff: https://reviews.apache.org/r/57553/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Colm O hEigeartaigh
>
>