[H10zCpAQ] Fix CWE-73: Added check to prevent reading from outside metrics directory #3245

Merged: 2 commits, Oct 27, 2022


vga91 (Collaborator) commented Oct 23, 2022

Added check to prevent reading from outside metrics directory

vga91 added the 4.4 label Oct 23, 2022
vga91 changed the title from "[aWB3q8K5] Fix CWE-73: Added check to prevent reading from outside metrics directory" to "[H10zCpAQ] Fix CWE-73: Added check to prevent reading from outside metrics directory" Oct 25, 2022
vga91 force-pushed the fix_metrics_outside branch from 58a3efd to c623e34 October 25, 2022 15:23
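
A directory-containment check of the kind the PR title describes, as an added example. It is not the code merged in this pull request; the class name, method name and sample file names are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class MetricsPathCheck {

    /** Resolves a caller-supplied name against the metrics directory and
     *  rejects anything that ends up outside it (CWE-73). Hypothetical helper. */
    static Path resolveInsideMetricsDir(Path metricsDir, String requested) throws IOException {
        // Canonicalise the base once: resolves symlinks and relative segments.
        Path base = metricsDir.toRealPath();
        // resolve() returns `requested` unchanged when it is absolute, so the
        // check must run on the resolved result, not on the input string.
        Path candidate = base.resolve(requested).normalize();
        // Path.startsWith compares whole name elements, so /metrics-old does
        // not pass as a child of /metrics the way a String prefix test would.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("Path is outside the metrics directory: " + requested);
        }
        // Follow symlinks and re-check, so a link placed inside the directory
        // cannot redirect the read. Throws NoSuchFileException if missing.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base)) {
            throw new SecurityException("Path is outside the metrics directory: " + requested);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path root = Files.createTempDirectory("demo");
        Path metrics = Files.createDirectory(root.resolve("metrics"));
        Files.writeString(metrics.resolve("sample.csv"), "t,count\n1,42\n");
        Files.writeString(root.resolve("other.conf"), "constructed=value\n");

        System.out.println("allowed: " + resolveInsideMetricsDir(metrics, "sample.csv").getFileName());
        String[] rejected = { "../other.conf", root.resolve("other.conf").toString(), "../metrics-old/x.csv" };
        for (String name : rejected) {
            try {
                resolveInsideMetricsDir(metrics, name);
                System.out.println("NOT rejected: " + name);
            } catch (SecurityException e) {
                System.out.println("rejected: " + name);
            }
        }
    }
}
```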
Lojjs (Contributor) left a comment

I will ask our security team to have a look as well, but I think it looks ok apart from the printline


@Test
public void shouldNotGetFileOutsideMetricsDir() {
System.out.println("MetricsTest.shouldNotGetFileOutsideMetricsDir1");

Do we really want to keep this System.out.println()?

vga91 merged commit e0c7958 into neo4j-contrib:4.4 Oct 27, 2022
vga91 added a commit that referenced this pull request Jan 26, 2023
vga91 added a commit that referenced this pull request Jan 26, 2023
vga91 added a commit that referenced this pull request Jan 26, 2023
vga91 added a commit that referenced this pull request Jan 30, 2023
conker84 pushed a commit that referenced this pull request Jan 30, 2023
* [qZZ3O2uX] Updates jackson-databind to fix CVE-2020-36518, CVE-2022-42004, CVE-2022-42003 (#3409)

* [H10zCpAQ] Fix CWE-73: Added check to prevent reading from outside metrics directory (#3245)
vga91 added a commit that referenced this pull request Jan 30, 2023
vga91 added a commit that referenced this pull request Apr 28, 2023