projects / ganeti-local / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c899750) | patch
Security issue: add validation of script names
authorIustin Pop <iustin@google.com>
Tue, 1 Dec 2009 14:08:29 +0000 (15:08 +0100)
committerIustin Pop <iustin@google.com>
Tue, 8 Dec 2009 09:10:43 +0000 (10:10 +0100)
commitb0fc8c8943764d182fe2cc1876747ea2c2e4df09
tree821ea5327c8823d92b15fe844cb20d54f6bf2819tree | snapshot
parentc899750fde9828d76526eed47935a46335124d88commit | diff
Security issue: add validation of script names

This patch unifies the search for external script to always go through
utils.FindFile and implements in that function a restriction on valid
chars in file names and (additionally) that the passed name is the
basename of the final (absolute) name.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
lib/backend.py diff | blob | history
lib/utils.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.