You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Philip Zampino (Jira)" <ji...@apache.org> on 2021/08/17 17:22:00 UTC
[jira] [Created] (KNOX-2644) Topology names should be validated
when uploaded via API
Philip Zampino created KNOX-2644:
------------------------------------
Summary: Topology names should be validated when uploaded via API
Key: KNOX-2644
URL: https://issues.apache.org/jira/browse/KNOX-2644
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 1.5.0
Reporter: Philip Zampino
Fix For: 1.6.0
DefaultTopologyService#deployTopology does not validate the topology's name to prevent the creation of files outside the location or intent of the API. The name could be something like _*../gateway-site*_, which could be used to overwrite the gateway configuration.
(e.g., _KNOX_HOME_/conf/topologies/../gateway-site.xml)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)