sbp commented on issue #397: URL: https://github.com/apache/tooling-trusted-releases/issues/397#issuecomment-3647850605
5.3.1 forbids untrusted files from being executed. We do not execute any files other than the Python files of our application and its dependencies, which leads us to 5.3.2.

5.3.2 is about path traversal attacks. We have lots of path handling code in ATR. We extract archives, process user submitted paths and filenames from form values, allow local downloads and SVN importing, accept rsync uploads via SSH, and perform writes to storage through our storage interface. In manual review I found that we have pervasive validation, but we should consider centralising all validations and adding lints to prevent bypassing these central controls.

5.3.2 also covers SSRF, and we could make some improvements here. We accept URLs for SVN importing, for example, but rely on Pydantic to validate. This isn't enough to prevent SSRF attacks. The URLs of KEYS files are open to similar attacks, and we must add protections.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
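The two controls the comment calls for, centralised path containment for user-supplied paths and a resolve-and-check guard for URLs the server fetches (KEYS files, SVN imports), written out as an added example. This is not code from the ATR project: the function names, the blocked address ranges, the `.example` hostname table and the injectable `resolver` parameter are assumptions made here so that it runs offline with only the standard library. It also shows why a syntactic URL type (the Pydantic validation the comment mentions) is not enough: the host is resolved and every address it yields is checked against internal ranges.

```python
"""Centralised validators for user-supplied paths and outbound URLs.

Added example, not ATR project code. Function names, the blocked ranges and
the fake resolver are assumptions made here so the example runs offline.
"""
from __future__ import annotations

import ipaddress
import posixpath
import socket
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Ranges a server-side fetch must never reach: loopback, RFC 1918, CGNAT,
# link-local (where cloud metadata endpoints live), benchmarking, multicast,
# reserved, and the IPv6 equivalents. Constructed policy for this example.
_BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]
ALLOWED_SCHEMES = frozenset({"http", "https"})


def is_blocked_address(addr) -> bool:
    """True if addr (str or ip_address object) is in a range fetches must not reach."""
    if isinstance(addr, str):
        addr = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) as the IPv4 address it wraps.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in _BLOCKED_NETWORKS)


def check_outbound_url(url: str, *, resolver=socket.getaddrinfo,
                       allowed_schemes=ALLOWED_SCHEMES) -> str:
    """Validate a URL the server is about to fetch; return it or raise ValueError.

    Literal IPs are checked directly; hostnames are resolved so that DNS names
    pointing at internal hosts, and spellings such as 0x7f000001 that libc
    resolves to loopback, are caught as well.
    """
    parts = urlsplit(url)
    if parts.scheme not in allowed_schemes:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme, 0)
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IP, no lookup
    except ValueError:
        try:
            infos = resolver(host, port, type=socket.SOCK_STREAM)
        except OSError as exc:                        # gaierror is an OSError
            raise ValueError(f"cannot resolve {host!r}") from exc
        addrs = [ipaddress.ip_address(info[4][0]) for info in infos]
    if not addrs:
        raise ValueError(f"no addresses for {host!r}")
    for addr in addrs:
        if is_blocked_address(addr):
            raise ValueError(f"{host!r} resolves to blocked address {addr}")
    return url


def resolve_under(base: str, user_path: str) -> str:
    """Join a user-supplied relative path onto base, rejecting traversal.

    Suitable for form-submitted filenames and archive member names alike.
    Rejects NUL bytes, absolute paths, empty paths and any '..' component,
    then proves the normalised result still lies inside base.
    """
    if "\0" in user_path:
        raise ValueError("NUL byte in path")
    rel = PurePosixPath(user_path)
    if rel.is_absolute():
        raise ValueError("absolute paths are not allowed")
    if not rel.parts:
        raise ValueError("empty path")
    if ".." in rel.parts:
        raise ValueError("parent directory references are not allowed")
    base_norm = posixpath.normpath(base)
    joined = posixpath.normpath(posixpath.join(base_norm, str(rel)))
    if joined != base_norm and not joined.startswith(base_norm + "/"):
        raise ValueError("path escapes the base directory")   # defence in depth
    return joined


def rejection_reason(check, *args, **kwargs) -> str | None:
    """Run a validator; return its rejection message, or None if it passed."""
    try:
        check(*args, **kwargs)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed name -> address table standing in for DNS so the demo runs
# offline (.example names are reserved and never resolve for real).
_FAKE_DNS = {
    "keys.example": "203.0.113.10",        # TEST-NET-3, stands in for a public host
    "intranet.example": "10.0.0.5",
    "metadata.example": "169.254.169.254",
    "mapped.example": "::ffff:127.0.0.1",
}


def fake_resolver(host, port, type=0):
    """Drop-in for socket.getaddrinfo backed by the constructed _FAKE_DNS table."""
    if host not in _FAKE_DNS:
        raise socket.gaierror(f"constructed lookup failed for {host!r}")
    ip = _FAKE_DNS[host]
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    return [(family, socket.SOCK_STREAM, 6, "", (ip, port))]


if __name__ == "__main__":
    for u in ("https://keys.example/KEYS", "http://metadata.example/latest/",
              "http://[::1]/", "file:///etc/passwd"):
        print(u, "->", rejection_reason(check_outbound_url, u, resolver=fake_resolver) or "ok")
    for p in ("release-1.0/KEYS", "../../etc/passwd", "/etc/passwd"):
        print(p, "->", rejection_reason(resolve_under, "/srv/atr/storage", p) or "ok")
```

Two caveats for production use: a resolve-then-fetch check leaves a window for DNS rebinding, so the HTTP client should connect to the address that was validated (or re-check at connection time) rather than resolving the name a second time; and `resolve_under` decides only on the path string, so symlinks inside extracted archives still need to be handled at extraction time.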
