[jira] [Work logged] (CAMEL-13042) camel-core - File producer should by default not allow writing files to directories outside its starting directory

Tue, 08 Jan 2019 09:48:56 -0800 


     [ 
https://issues.apache.org/jira/browse/CAMEL-13042?focusedWorklogId=182589&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-182589
 ]

ASF GitHub Bot logged work on CAMEL-13042:
------------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Jan/19 17:37
            Start Date: 08/Jan/19 17:37
    Worklog Time Spent: 10m 
      Work Description: davsclaus commented on pull request #2700: CAMEL-13042: 
File producer should by default only allow to write file…
URL: https://github.com/apache/camel/pull/2700
 
 
   …s in the starting directory (or subs). Added new option to turn this on|off.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 182589)
            Time Spent: 10m
    Remaining Estimate: 0h

> camel-core - File producer should by default not allow writing files to 
> directories outside its starting directory
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-13042
>                 URL: https://issues.apache.org/jira/browse/CAMEL-13042
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-core
>    Affects Versions: 2.23.0
>            Reporter: Claus Ibsen
>            Assignee: Claus Ibsen
>            Priority: Major
>             Fix For: 3.0.0, 2.24.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> For example
> {code:xml}
> <from uri="file:src/test/resources/data?noop=true"/>
> <setHeader headerName="CamelFileName">
>     <simple>../../${file:name}</simple>
> </setHeader>
> <to uri="file:target/results"/>
> {code}
> Can write the file outside the target/results folder. We should not allow 
> this by default to be more security friendly. 
> We should add a new option (maybe name it jailStartingDirectory or 
> allowWriteOutsideStartingDirectory) or some better name



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to