[jira] [Commented] (CB-7183) Prevent plugins from modifying files outside of the project

2015-12-21 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/CB-7183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15067193#comment-15067193
 ] 

ASF GitHub Bot commented on CB-7183:


Github user asfgit closed the pull request at:

https://github.com/apache/cordova-lib/pull/355


> Prevent plugins from modifying files outside of the project
> ---
>
> Key: CB-7183
> URL: https://issues.apache.org/jira/browse/CB-7183
> Project: Apache Cordova
>  Issue Type: Bug
>  Components: CordovaLib
>Reporter: Andrew Grieve
>Assignee: Byoungro So
>  Labels: cordova-6.0.0
>
> Right now this is possible:
> {code}
>  target-dir="../../../../../hooks/pre_package"/>
> {code}
> We should ensure that plugins are not able to touch files outside of the 
> project directory!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org



[jira] [Commented] (CB-7183) Prevent plugins from modifying files outside of the project

2015-12-21 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/CB-7183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15067191#comment-15067191
 ] 

ASF subversion and git services commented on CB-7183:
-

Commit 5eb351e08eb9b2c7c685b7c06a4fc50316bcce02 in cordova-lib's branch 
refs/heads/master from [~bso]
[ https://git-wip-us.apache.org/repos/asf?p=cordova-lib.git;h=5eb351e ]

CB-7183 prevent read/write/modify files outside project from plugins

This closes #355





[jira] [Commented] (CB-7183) Prevent plugins from modifying files outside of the project

2015-12-17 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/CB-7183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15063142#comment-15063142
 ] 

ASF GitHub Bot commented on CB-7183:


Github user bso-intel commented on the pull request:

https://github.com/apache/cordova-lib/pull/355#issuecomment-165621005
  
Hi Shazron,
Could you review this CB-7183?
As we discussed, we need some security check for plugins accessing outside 
the plugins directory.
Please pull if it looks okay.
Thanks.





[jira] [Commented] (CB-7183) Prevent plugins from modifying files outside of the project

2015-12-11 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/CB-7183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15054075#comment-15054075
 ] 

ASF GitHub Bot commented on CB-7183:


GitHub user bso-intel opened a pull request:

https://github.com/apache/cordova-lib/pull/355

Cb 7183

CB-7183 security check for the scriptSrc property of the engine tag.

The other src and target-dir path escape checks are already implemented in 
cordova-lib/src/plugman/platforms/common.js/copyFile() function.
The only missing security check is in the scriptSrc of the <engine> tag.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/bso-intel/cordova-lib CB-7183

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-lib/pull/355.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #355


commit 5fd5d275cd13ebe9eb3b7c86b71988cdcdfa4cf8
Author: Byoungro So 
Date:   2015-12-10T03:43:46Z

CB-7183 prevent read/write/modify files outside project from plugins

commit c03534aafc218923327ae7921eb75669927625d4
Author: Byoungro So 
Date:   2015-12-12T05:48:03Z

CB-7183 security check for engine scriptSrc tag




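
A containment check of the kind the pull request above describes, as an added example that is not cordova-lib's code. The helper names, directories and sample values (other than the issue's target-dir) are constructed, and the base directory chosen for each attribute is an assumption.

```javascript
// posix flavour so the constructed sample paths behave the same on any host
const path = require('path').posix;

// Naive check: a plain string-prefix test, shown only for contrast.
function naiveInside(baseDir, untrusted) {
    return path.resolve(baseDir, untrusted).startsWith(path.resolve(baseDir));
}

// Hypothetical helper (not cordova-lib's copyFile): true only when the
// plugin-supplied path, resolved against baseDir, stays at or below baseDir.
function isInside(baseDir, untrusted) {
    const base = path.resolve(baseDir);
    const rel = path.relative(base, path.resolve(base, untrusted));
    // '..' or '../x' means the resolved path climbed above baseDir
    return rel !== '..' && !rel.startsWith('../');
}

// Assumption: target-dir is resolved against the project directory,
// src and scriptSrc against the plugin's own directory.
function auditPluginPaths(pluginDir, projectDir, entries) {
    return entries
        .filter(({ attr, value }) =>
            !isInside(attr === 'target-dir' ? projectDir : pluginDir, value))
        .map(({ attr, value }) => `${attr}=${value}`);
}

// Constructed sample; only the first value is taken from the issue text.
const PLUGIN_DIR = '/work/app/plugins/plugin';
const PROJECT_DIR = '/work/app/platforms/android';
const SAMPLE = [
    { attr: 'target-dir', value: '../../../../../hooks/pre_package' },
    { attr: 'src', value: 'src/android/Foo.java' },
    { attr: 'target-dir', value: 'src/com/example' },
    { attr: 'scriptSrc', value: '../../tools/version.js' },
    { attr: 'src', value: '../plugin-evil/x.js' }, // sibling dir sharing a prefix
    { attr: 'src', value: '/etc/hosts' }, // absolute path ignores the base
];

// Lists the four rejected attributes, then shows the prefix test being fooled
console.log(auditPluginPaths(PLUGIN_DIR, PROJECT_DIR, SAMPLE));
console.log(naiveInside(PLUGIN_DIR, '../plugin-evil/x.js'));
```

The check is lexical: `path.resolve` does not follow symlinks, so a caller that must also handle symlinked directories would compare `fs.realpathSync` results instead.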



[jira] [Commented] (CB-7183) Prevent plugins from modifying files outside of the project

2015-12-09 Thread Shazron Abdullah (JIRA)

[ 
https://issues.apache.org/jira/browse/CB-7183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15049722#comment-15049722
 ] 

Shazron Abdullah commented on CB-7183:
--

I believe this was discussed in the mailing list but somehow rejected




[jira] [Commented] (CB-7183) Prevent plugins from modifying files outside of the project

2015-12-09 Thread Shazron Abdullah (JIRA)

[ 
https://issues.apache.org/jira/browse/CB-7183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15049737#comment-15049737
 ] 

Shazron Abdullah commented on CB-7183:
--

No, things change all the time, I think a fresh perspective could change 
others' minds. This is where we discussed it, but in the context of hooks: 
http://markmail.org/message/ikovjpm2akal4zic

Now that I read that thread again, I think it's a different situation though.




[jira] [Commented] (CB-7183) Prevent plugins from modifying files outside of the project

2015-12-09 Thread Byoungro So (JIRA)

[ 
https://issues.apache.org/jira/browse/CB-7183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15049733#comment-15049733
 ] 

Byoungro So commented on CB-7183:
-

Hi Shazron,

Do you mean this issue won't get accepted?
In the XDK, we disallow plugins from reading/modifying any files outside the 
project for security reasons.
It is not only the  element.
I am planning to make security checks in other elements too.
Any reason why we do not need these security checks?
Thanks.
