[
https://issues.apache.org/jira/browse/FLINK-20916?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
nate updated FLINK-20916:
-------------------------
Description:
The
[testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath|https://github.com/apache/flink/blob/b561010b0ee741543c3953306037f00d7a9f0801/flink-runtime/src/test/java/org/apache/flink/runtime/rest/handler/cluster/JobManagerCustomLogHandlerTest.java#L149]
test for CVE-2020-17519 Path Traversal has a typo that causes it to
inaccurately test for the vuln.
It uses the format string "..%%252%s" when it should be "..%%252f%s".
was:
The testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath test
for CVE-2020-17519 Path Traversal has a typo that causes it to inaccurately
test for the vuln.
It uses the format string "..%%252%s" when it should be "..%%252f%s".
> Typo in test for CVE-2020-17519
> -------------------------------
>
> Key: FLINK-20916
> URL: https://issues.apache.org/jira/browse/FLINK-20916
> Project: Flink
> Issue Type: Bug
> Components: Runtime / REST
> Reporter: nate
> Priority: Trivial
>
>
> The
> [testGetJobManagerCustomLogsExistingButForbiddenFileWithObfuscatedPath|https://github.com/apache/flink/blob/b561010b0ee741543c3953306037f00d7a9f0801/flink-runtime/src/test/java/org/apache/flink/runtime/rest/handler/cluster/JobManagerCustomLogHandlerTest.java#L149]
> test for CVE-2020-17519 Path Traversal has a typo that causes it to
> inaccurately test for the vuln.
> It uses the format string "..%%252%s" when it should be "..%%252f%s".
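An added example, not part of the Jira message or the Flink code base: it expands the two format strings from the description and shows what a handler that URL-decodes twice and then checks for escape from its log directory would see. The directory, the file names and the two-pass decoding are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ObfuscatedPathFormatCheck {
    // Constructed sample values (assumptions), not taken from the Flink test.
    static final Path LOG_DIR = Paths.get("/opt/app/log");
    static final String[] FILE_NAMES = {"secret.txt", "dummy.log"};

    // Two decoding passes (assumed): "%252f" -> "%2f" -> "/". Needs Java 10+.
    // Returns null when the input is not valid percent-encoding.
    static String decodeTwice(String raw) {
        try {
            String once = URLDecoder.decode(raw, StandardCharsets.UTF_8);
            return URLDecoder.decode(once, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    // True when the decoded name resolves outside LOG_DIR.
    static boolean escapesLogDir(String decoded) {
        Path resolved = LOG_DIR.resolve(decoded).normalize();
        return !resolved.startsWith(LOG_DIR);
    }

    static String classify(String format, String fileName) {
        String raw = String.format(format, fileName); // "%%" becomes a literal "%"
        String decoded = decodeTwice(raw);
        if (decoded == null) {
            return raw + " -> malformed escape, never reaches the traversal check";
        }
        return raw + " -> " + decoded + " -> "
                + (escapesLogDir(decoded) ? "traversal attempt" : "stays inside log dir");
    }

    public static void main(String[] args) {
        for (String format : new String[] {"..%%252%s", "..%%252f%s"}) {
            for (String name : FILE_NAMES) {
                System.out.println(format + " : " + classify(format, name));
            }
        }
    }
}
```

With the typo, neither constructed name decodes to a "../" prefix, so a test built on that input can pass without the traversal check ever being exercised.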