Validate filepath and filename to prevent path traversal (#1604)

Validate filepath and filename to prevent path traversal in modification
command and provide validations for editor plugin.

Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Eduard Heimbuch
2021-03-25 12:50:24 +01:00
committed by GitHub
parent 08549a37b1
commit d94ebb2e3e
12 changed files with 169 additions and 11 deletions


@@ -136,7 +136,7 @@ describe("test number validation", () => {
});
describe("test path validation", () => {
const invalid = ["//", "some//path", "end//"];
const invalid = ["//", "some//path", "end//", ".", "..", "../"];
for (const path of invalid) {
it(`should return false for '${path}'`, () => {
expect(validator.isPathValid(path)).toBe(false);
@@ -233,3 +233,18 @@ describe("test url validation", () => {
});
}
});
describe("test filename validation", () => {
const invalid = ["", "/", "some/file", ".", "..", "../", "\\", "\\name", "file:some"];
for (const filename of invalid) {
it(`should return false for '${filename}'`, () => {
expect(validator.isFilenameValid(filename)).toBe(false);
});
}
const valid = ["a", "test", "some_file", "end.txt", ".gitignore"];
for (const filename of valid) {
it(`should return true for '${filename}'`, () => {
expect(validator.isFilenameValid(filename)).toBe(true);
});
}
});
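Review bot: The new `invalid` path cases in the first hunk (`.`, `..`, `../`) only cover a path that consists entirely of a dot segment; no case has the segment embedded in or trailing a longer path, which is the shape a traversal check most needs to hold against. I would extend the list to `const invalid = ["//", "some//path", "end//", ".", "..", "../", "some/../path", "some/..", "./some"];` — the added entries are constructed samples, and whether `isPathValid` is meant to reject `./some` should be confirmed against the validator, which is not visible in this section. In the filename hunk, a short comment above `invalid` such as `// separators (/ and \), colon and dot segments must never reach the modification command` would record why each entry is there. These tests exercise the UI validator only, so the check in the modification command named in the commit message (presumably server-side) remains the enforcing boundary and needs equivalent cases.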