Re: [Django] #31983: Add a warning if the file system cache location is within the static or media roots (was: Add security check for cache location)

Sat, 05 Sep 2020 10:51:08 -0700 

#31983: Add a warning if the file system cache location is within the static or
media roots
--------------------------------------+------------------------------------
     Reporter:  christa               |                    Owner:  nobody
         Type:  Cleanup/optimization  |                   Status:  new
    Component:  Core (Cache system)   |                  Version:  master
     Severity:  Normal                |               Resolution:
     Keywords:  cache check           |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  1
  Needs tests:  1                     |  Patch needs improvement:  1
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+------------------------------------
Changes (by Johannes Hoppe):

 * cc: Johannes Hoppe (added)
 * needs_better_patch:  0 => 1
 * component:  Testing framework => Core (Cache system)
 * needs_tests:  0 => 1
 * version:  3.1 => master
 * easy:  0 => 1
 * needs_docs:  0 => 1
 * type:  Uncategorized => Cleanup/optimization
 * stage:  Unreviewed => Accepted


Old description:

> Hi, I have been reported an issue to security team one month ago. And the
> final conclusion is to check whether filesystem cache's  location is  a
> sub directory of special location.
>
> I wrote a check function and require a ticket to make a PR.

New description:

 Hi,

 I have been reported an issue regarding the file system cache location to
 security team one month ago. And the conclusion is to check whether file
 system cache's  location is  a subdirectory of special location.

 I wrote a check function and require a ticket to make a PR.

--

Comment:

 Hi there,

 You are making an excellent point. Since this seems to be your first code
 contribution, I recommend checking out the contribution guidelines to get
 you kick-started.

 Beyond that, I will do a review of your patch. Of the bat I can tell you
 that tests are missing. You will find examples for how to write a test by
 reviewing the tests for similar checks.

 Let me know if you need any pointers.

 Best,
 Joe

-- 
Ticket URL: <https://code.djangoproject.com/ticket/31983#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.05db1a6a48f68adf5bbe1deb8cb9d102%40djangoproject.com.

Reply via email to