Posted to issues@flink.apache.org by "nate (Jira)" <ji...@apache.org> on 2021/01/11 02:17:00 UTC

[jira] [Updated] (FLINK-20916) Typo in test for CVE-2020-17519

     [ https://issues.apache.org/jira/browse/FLINK-20916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

nate updated FLINK-20916:
-------------------------
    Description: 
 

The [testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath|https://github.com/apache/flink/blob/b561010b0ee741543c3953306037f00d7a9f0801/flink-runtime/src/test/java/org/apache/flink/runtime/rest/handler/cluster/JobManagerCustomLogHandlerTest.java#L149] test for CVE-2020-17519 Path Traversal has a typo that causes it to inaccurately test for the vuln. 

It uses the format string "..%%252%s" when it should be "..%%252f%s".

  was:
 

The testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath test for CVE-2020-17519 Path Traversal has a typo that causes it to inaccurately test for the vuln. 

It uses the format string "..%%252%s" when it should be "..%%252f%s".


> Typo in test for CVE-2020-17519
> -------------------------------
>
>                 Key: FLINK-20916
>                 URL: https://issues.apache.org/jira/browse/FLINK-20916
>             Project: Flink
>          Issue Type: Bug
>          Components: Runtime / REST
>            Reporter: nate
>            Priority: Trivial
>
>  
> The [testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath|https://github.com/apache/flink/blob/b561010b0ee741543c3953306037f00d7a9f0801/flink-runtime/src/test/java/org/apache/flink/runtime/rest/handler/cluster/JobManagerCustomLogHandlerTest.java#L149] test for CVE-2020-17519 Path Traversal has a typo that causes it to inaccurately test for the vuln. 
> It uses the format string "..%%252%s" when it should be "..%%252f%s".



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
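
An added example, not code from the Flink test suite: it builds the path segment from both format strings quoted in the report and shows what each becomes after two rounds of percent-decoding, so a regression test can confirm its payload really contains an obfuscated separator. The log directory, the file name and the two-round decoding are assumptions made for the illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ObfuscatedPathCheck {

    // Percent-decode the segment `rounds` times.
    // Returns null when any round hits a malformed escape sequence.
    static String decode(String segment, int rounds) {
        try {
            String s = segment;
            for (int i = 0; i < rounds; i++) {
                s = URLDecoder.decode(s, StandardCharsets.UTF_8);
            }
            return s;
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    // True when the decoded segment, resolved under base, lands outside base.
    static boolean escapes(Path base, String decoded) {
        return !base.resolve(decoded).normalize().startsWith(base);
    }

    public static void main(String[] args) {
        Path base = Paths.get("/var/log/flink"); // constructed log directory (assumption)
        String fileName = "secret.txt";          // constructed file name (assumption)

        // The two format strings quoted in the report: the typo and the intended one.
        for (String fmt : new String[] {"..%%252%s", "..%%252f%s"}) {
            String segment = String.format(fmt, fileName);
            String decoded = decode(segment, 2);
            if (decoded == null) {
                // "%252" decodes to "%2", which then swallows the next character
                // of the file name; here that is not a valid hex digit.
                System.out.printf("%-12s -> %-22s malformed escape, no separator produced%n",
                        fmt, segment);
            } else {
                System.out.printf("%-12s -> %-22s decodes to %s, escapes base: %b%n",
                        fmt, segment, decoded, escapes(base, decoded));
            }
        }
    }
}
```

A test built on the first format string never sends a traversal sequence, so it can pass whether or not the handler rejects obfuscated paths.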