Opened 5 years ago
Last modified 5 years ago
#31983 closed Cleanup/optimization
Add a warning if the file system cache location is within the static or media roots — at Version 1
| Reported by: | christa | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Cache system) | Version: | dev |
| Severity: | Normal | Keywords: | cache check |
| Cc: | Johannes Maron | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
Hi,
I reported an issue regarding the file system cache location to the security team one month ago, and the conclusion is to check whether the file system cache's location is a subdirectory of a special location.
I wrote a check function and require a ticket to make a PR.
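An added example, not the reporter's patch and not Django's own check: one way to test whether a file-based cache directory overlaps a static or media root. It goes slightly beyond the ticket's wording by also flagging a root that lies inside the cache directory; the function names and sample paths are assumptions constructed for illustration.

```python
from pathlib import Path


def classify_overlap(cache_location, root):
    """Return 'matches', 'is inside', 'contains', or None for two directories."""
    # resolve() collapses '..' and follows existing symlinks, so a path such as
    # media/../media/cache is compared by its real location. Non-strict mode
    # lets the check run before the directories have been created.
    cache = Path(cache_location).resolve()
    root = Path(root).resolve()
    if cache == root:
        return "matches"
    # Compare path components, not string prefixes: /srv/app/media_cache must
    # not be reported as being inside /srv/app/media.
    if root in cache.parents:
        return "is inside"
    if cache in root.parents:
        return "contains"
    return None


def check_cache_location(cache_location, exposed_roots):
    """Return one warning string per overlapping root.

    exposed_roots maps a setting name to a directory path; unset (empty)
    values are skipped.
    """
    warnings = []
    for name, path in exposed_roots.items():
        if not path:
            continue
        relation = classify_overlap(cache_location, path)
        if relation:
            warnings.append(f"cache location {relation} {name} ({path})")
    return warnings


# Constructed sample settings, not taken from the ticket.
SAMPLE_ROOTS = {
    "MEDIA_ROOT": "/srv/app/media",
    "STATIC_ROOT": "/srv/app/static",
}

if __name__ == "__main__":
    for location in ("/srv/app/media/cache", "/srv/app", "/var/tmp/app_cache"):
        print(location, "->", check_cache_location(location, SAMPLE_ROOTS) or "ok")
```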
Change History (1)
comment:1, 5 years ago
| Cc: | added |
|---|---|
| Component: | Testing framework → Core (Cache system) |
| Description: | modified (diff) |
| Easy pickings: | set |
| Needs documentation: | set |
| Needs tests: | set |
| Patch needs improvement: | set |
| Summary: | Add security check for cache location → Add a warning if the file system cache location is within the static or media roots |
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
| Version: | 3.1 → master |
Hi there,
You are making an excellent point. Since this seems to be your first code contribution, I recommend checking out the contribution guidelines to get you kick-started.
Beyond that, I will do a review of your patch. Off the bat I can tell you that tests are missing. You will find examples for how to write a test by reviewing the tests for similar checks.
Let me know if you need any pointers.
Best,
Joe