api, browse: Ensure to sanitize filename passed to django FileResponse
9a29da9ad689
Actions

Description

api, browse: Ensure to sanitize filename passed to django FileResponse

Django might try to access the file if the value provided to the filename
query parameter of associated views is an absolute path.

Details

Provenance

anlambert	Authored on Dec 7 2022, 5:53 PM
anlambert	Pushed on Dec 8 2022, 5:20 PM

Differential Revision

D8945: api, browse: Ensure to sanitize filename passed to django FileResponse

Parents

rDWAPPS36ce2b462f5d: archive_coverage: Add link to Archive Changelog in coverage widget

Branches

Unknown

Tags

Unknown

Build Status

Buildable 33197
Build 52045: test-and-build	Jenkins console · Jenkins

Event Timeline

anlambert committed rDWAPPS9a29da9ad689: api, browse: Ensure to sanitize filename passed to django FileResponse (authored by anlambert).Dec 7 2022, 5:54 PM

anlambert added an edge: D8945: api, browse: Ensure to sanitize filename passed to django FileResponse.Dec 8 2022, 5:21 PM

Harbormaster completed building B33197: rDWAPPS9a29da9ad689: api, browse: Ensure to sanitize filename passed to django FileResponse.Dec 8 2022, 5:32 PM

Changes (3)

Path

Size

swh/

web/

api/

views/

content.py

browse/

tests/

views/

test_content.py

views/

content.py

rDWAPPS9a29da9ad689

View Options

swh/web/api/views/content.py

View Options

swh/web/browse/tests/views/test_content.py

View Options

swh/web/browse/views/content.py

api, browse: Ensure to sanitize filename passed to django FileResponse9a29da9ad689Actions

Description

Details

Event Timeline

Changes (3)

rDWAPPS9a29da9ad689

swh/web/api/views/content.py

swh/web/browse/tests/views/test_content.py

swh/web/browse/views/content.py

api, browse: Ensure to sanitize filename passed to django FileResponse
9a29da9ad689
Actions