Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Double-dots in resource paths should be prohibited. #70

Open
Fak3 opened this issue Jan 17, 2017 · 0 comments
Open

Double-dots in resource paths should be prohibited. #70

Fak3 opened this issue Jan 17, 2017 · 0 comments
Assignees
@Fak3
Milestone
Backlog

Comments

@Fak3
Copy link
Contributor

Fak3 commented Jan 17, 2017

We should keep and restrict all the data for any datapackage under the corresponding bitstore key (dir), in the subkeys (subdirs/files). So that malicious or careless user, uploading a datapackage resource will not ever overwrite any other datapackage's data or metadata.
To achieve that we should forbid resource paths to refer to parent-directory with double-dots ../. On the client it could be checked during the datapackage validation.

See also the same server side restriction: openknowledge-archive/dpr-api#189
@Fak3 Fak3 self-assigned this Jan 18, 2017
@zelima zelima added this to the Backlog milestone Apr 26, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Fak3 Fak3

Labels
None yet
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
2 participants
@Fak3 @zelima