Code Review / policy / distribution.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: bd1744d) | patch
Avoid path injection 90/116890/1
authorPamela Dragosh <pdragosh@research.att.com>
Thu, 14 Jan 2021 20:24:37 +0000 (15:24 -0500)
committerPamela Dragosh <pdragosh@research.att.com>
Thu, 14 Jan 2021 20:56:22 +0000 (15:56 -0500)
commite72afd705e3e575161db480adc8fbc4ff71ba2b9
tree5dd12188749b6d3390a4b468bd40dff3292d7cd0tree | snapshot
parentbd1744d82d6e8d817d81f5ef607a8169c7c7591fcommit | diff
Avoid path injection

Adding a check to ensure that a zip file cannot be corrupted
with a path injection to open a stream somewhere else in the
file system.

Issue-ID: POLICY-2908
Change-Id: Iaa75fc8c14831ad73fa7ab59c618909ff5af454c
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java diff | blob | history
This repo will hold the SDC Service Distriution code (Casablanca)