Opened 4 years ago
Closed 3 years ago
#31983 closed Cleanup/optimization (fixed)
Add a warning if the file system cache location is within the static or media roots
| Reported by: | christa | Owned by: | christa |
|---|---|---|---|
| Component: | Core (Cache system) | Version: | dev |
| Severity: | Normal | Keywords: | cache check |
| Cc: | Johannes Maron | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
Hi,
I have been reported an issue regarding the file system cache location to security team one month ago. And the conclusion is to check whether file system cache's location is a subdirectory of special location.
I wrote a check function and require a ticket to make a PR.
Change History (10)
comment:1 by , 4 years ago
| Cc: | added |
|---|---|
| Component: | Testing framework → Core (Cache system) |
| Description: | modified (diff) |
| Easy pickings: | set |
| Needs documentation: | set |
| Needs tests: | set |
| Patch needs improvement: | set |
| Summary: | Add security check for cache location → Add a warning if the file system cache location is within the static or media roots |
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
| Version: | 3.1 → master |
comment:2 by , 4 years ago
May I work on this issue.If yes, please assign the same to me and also please provide some code pointers as well. :)
comment:3 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:5 by , 4 years ago
| Needs tests: | unset |
|---|
comment:6 by , 4 years ago
| Needs documentation: | unset |
|---|---|
| Patch needs improvement: | unset |
| Triage Stage: | Accepted → Ready for checkin |
comment:7 by , 4 years ago
| Patch needs improvement: | set |
|---|---|
| Triage Stage: | Ready for checkin → Accepted |
comment:9 by , 3 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Note:
See TracTickets
for help on using tickets.
Hi there,
You are making an excellent point. Since this seems to be your first code contribution, I recommend checking out the contribution guidelines to get you kick-started.
Beyond that, I will do a review of your patch. Of the bat I can tell you that tests are missing. You will find examples for how to write a test by reviewing the tests for similar checks.
Let me know if you need any pointers.
Best,
Joe