Context Navigation

← Previous Ticket
Next Ticket →

#31983 closed Cleanup/optimization (fixed)

Add a warning if the file system cache location is within the static or media roots

Reported by:	christa	Owned by:	christa
Component:	Core (Cache system)	Version:	dev
Severity:	Normal	Keywords:	cache check
Cc:	Johannes Maron	Triage Stage:	Ready for checkin
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	yes	UI/UX:	no

Description (last modified by Johannes Maron)

Hi,

I have been reported an issue regarding the file system cache location to security team one month ago. And the conclusion is to check whether file system cache's location is a subdirectory of special location.

I wrote a check function and require a ticket to make a PR.

Change History (10)

comment:1 by Johannes Maron, 5 years ago

Cc:	Johannes Maron added
Component:	Testing framework → Core (Cache system)
Description:	modified (diff)
Easy pickings:	set
Needs documentation:	set
Needs tests:	set
Patch needs improvement:	set
Summary:	Add security check for cache location → Add a warning if the file system cache location is within the static or media roots
Triage Stage:	Unreviewed → Accepted
Type:	Uncategorized → Cleanup/optimization
Version:	3.1 → master

Hi there,

You are making an excellent point. Since this seems to be your first code contribution, I recommend checking out the contribution guidelines to get you kick-started.

Beyond that, I will do a review of your patch. Of the bat I can tell you that tests are missing. You will find examples for how to write a test by reviewing the tests for similar checks.

Let me know if you need any pointers.

Best,
Joe

comment:2 by Manav Agarwal, 5 years ago

May I work on this issue.If yes, please assign the same to me and also please provide some code pointers as well. :)

Last edited 5 years ago by Manav Agarwal (previous) (diff)

comment:3 by Bhavna, 5 years ago

Owner:	changed from nobody to Bhavna
Status:	new → assigned

comment:4 by Mariusz Felisiak, 5 years ago

Owner:	changed from Bhavna to christa

Bhavna, patch is already prepared.

comment:5 by Johannes Maron, 5 years ago

Needs tests:	unset

comment:6 by Johannes Maron, 5 years ago

Needs documentation:	unset
Patch needs improvement:	unset
Triage Stage:	Accepted → Ready for checkin

comment:7 by Mariusz Felisiak, 5 years ago

Patch needs improvement:	set
Triage Stage:	Ready for checkin → Accepted

comment:8 by Jacob Walls, 5 years ago

Patch needs improvement:	unset

Author updated patch.

comment:9 by Carlton Gibson, 5 years ago

Triage Stage:	Accepted → Ready for checkin

comment:10 by Mariusz Felisiak <felisiak.mariusz@…>, 5 years ago

Resolution:	→ fixed
Status:	assigned → closed

In c36075a:

Fixed #31983 -- Added system check for file system caches location.

Thanks Johannes Maron and Nick Pope for reviews.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues