You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Philip Zampino (Jira)" <ji...@apache.org> on 2021/08/17 17:22:00 UTC

[jira] [Created] (KNOX-2644) Topology names should be validated when uploaded via API

Philip Zampino created KNOX-2644:
------------------------------------

             Summary: Topology names should be validated when uploaded via API
                 Key: KNOX-2644
                 URL: https://issues.apache.org/jira/browse/KNOX-2644
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
    Affects Versions: 1.5.0
            Reporter: Philip Zampino
             Fix For: 1.6.0


DefaultTopologyService#deployTopology does not validate the topology's name to prevent the creation of files outside the location or intent of the API. The name could be something like _*../gateway-site*_, which could be used to overwrite the gateway configuration.

(e.g., _KNOX_HOME_/conf/topologies/../gateway-site.xml)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)