Patch security hole in spec_loader.py #32
Merged
jayrbolton merged 2 commits into develop from Sep 8, 2020
add sample_spec_release dir and instructions for updating the test spec archive
add "get_view" method to spec_loader.py and sample view to the test spec archive
ialarmedalien commented Sep 8, 2020
Comment on lines +19 to +27
| config = get_config() | ||
| cls.repo_path = config['spec_paths']['repo'] | ||
| for key in config['spec_paths'].keys(): | ||
| if cls.repo_path in config['spec_paths'][key]: | ||
| config['spec_paths'][key] = config['spec_paths'][key].replace( | ||
| cls.repo_path, | ||
| cls.test_spec_dir | ||
| ) | ||
| cls.config = config |
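Review bot: The `if cls.repo_path in config['spec_paths'][key]` check followed by `.replace(cls.repo_path, cls.test_spec_dir)` matches the repo path anywhere in the string and rewrites every occurrence, so a value that merely contains the repo path as a substring (for example a sibling directory sharing the same prefix) would be rewritten too. Since the intent is to re-root paths under the test directory, test with `startswith` and swap only the leading prefix. The loop also edits the dict returned by `get_config()` in place; if that object is shared with other tests, build a copy here or restore the original values in a teardown so the redirect lasts only for this test class.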
ialarmedalien (Collaborator, Author):
Edit config settings to point to the sample_spec_release dir for the duration of this test.
ialarmedalien commented Sep 8, 2020
| ) | ||
|
|
||
| # this matches a file in one of the other test data dirs => should throw an error | ||
| path_outside_spec_repo = '../../../../data/collections/test_node' |
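Review bot: The hard-coded depth in `path_outside_spec_repo = '../../../../data/collections/test_node'` ties this test to the current directory layout: if either directory moves, the name no longer points at a real file and the lookup can fail for an unrelated reason while the test still passes. Whatever assertion follows should first confirm that the target exists relative to the spec directory, and should check for the specific error raised for a path outside the repo rather than for any exception. An absolute path and a name that resolves back inside the spec directory after normalization would be worth adding as further cases.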
ialarmedalien (Collaborator, Author):
Prior to the fixes, this would retrieve a file. 😱
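An added illustration, not code from this pull request: it contrasts an unchecked path join with a containment check for the kind of `../` name the test above uses. The function names, the `.yaml` extension and the temporary directory layout are assumptions, since the page does not show the patched `spec_loader.py`.

```python
import os
import tempfile

class SpecPathError(ValueError):
    """Raised when a requested name resolves outside the spec directory."""

def naive_find(spec_dir, name, ext=".yaml"):
    # Assumed pre-fix shape: the name is joined onto the directory unchecked,
    # so "../" segments walk out of it.
    path = os.path.join(spec_dir, name + ext)
    return path if os.path.isfile(path) else None

def safe_find(spec_dir, name, ext=".yaml"):
    # Resolve symlinks and "..", then require the result to stay under spec_dir.
    root = os.path.realpath(spec_dir)
    path = os.path.realpath(os.path.join(root, name + ext))
    if os.path.commonpath([root, path]) != root:
        raise SpecPathError(f"{name!r} resolves outside the spec directory")
    return path if os.path.isfile(path) else None

def demo():
    # Constructed layout: <tmp>/spec/collections and <tmp>/data/collections.
    with tempfile.TemporaryDirectory() as tmp:
        spec = os.path.join(tmp, "spec", "collections")
        other = os.path.join(tmp, "data", "collections")
        os.makedirs(spec)
        os.makedirs(other)
        for d, n in ((spec, "test_vertices"), (other, "test_node")):
            with open(os.path.join(d, n + ".yaml"), "w") as fh:
                fh.write("name: " + n + "\n")
        outside = "../../data/collections/test_node"
        results = {
            "naive_outside": naive_find(spec, outside) is not None,
            "safe_inside": safe_find(spec, "test_vertices") is not None,
        }
        try:
            safe_find(spec, outside)
            results["safe_outside"] = "returned"
        except SpecPathError:
            results["safe_outside"] = "rejected"
        return results

if __name__ == "__main__":
    print(demo())
```

Because `os.path.join` discards the base when the second argument is absolute, the same `commonpath` check also rejects absolute names.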
ialarmedalien commented Sep 8, 2020
Comment on lines +147 to +150
| { | ||
| 'schema_type_names': ['view', 'views'], | ||
| 'example': 'test_vertices', | ||
| } |
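Review bot: In the new `'schema_type_names': ['view', 'views']` entry, the example name `'test_vertices'` reads like a collection name, which makes it hard to tell from the test data alone that a view file was the one returned. If the sample spec set also has a non-view schema with that name, the test should check the returned path or type, or use an example name that exists only among the views.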
ialarmedalien (Collaborator, Author):
add in tests for retrieving views
jayrbolton reviewed Sep 8, 2020
jayrbolton reviewed Sep 8, 2020
Simplify code to reduce array of paths to a unique set
patch security hole in spec_loader.py and add tests (closes Patch potential security hole in spec_loader.py #22)
add "get_view" method to spec_loader.py and add a view to the sample_spec_release test set
add sample_spec_release dir (expanded version of the test spec archive, spec.tar.gz)
add instructions for updating the test spec archive
I updated the README.md docs to reflect this change.
This is not a breaking API change