Tobias Nießen
0c5696248b
test: fix defect path traversal tests
...
The test never actually tested what it claims to test because it did not
properly insert separators before `..`.
PR-URL: https://github.com/nodejs/node/pull/50124
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
2023-10-16 15:50:28 +00:00
Carlos Espa
413c16e490
src,permission: add multiple allow-fs-* flags
...
Support for a single comma-separated list for allow-fs-* flags is
removed. Instead now multiple flags can be passed to allow multiple
paths.
Fixes: https://github.com/nodejs/security-wg/issues/1039
PR-URL: https://github.com/nodejs/node/pull/49047
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2023-08-17 18:39:04 +00:00
Livia Medeiros
966e3d3493
test: use tmpdir.resolve()
...
PR-URL: https://github.com/nodejs/node/pull/49128
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
2023-08-15 13:45:44 +00:00
RafaelGSS
205f1e643e
permission: handle fs path traversal
...
PR-URL: https://github.com/nodejs-private/node-private/pull/403
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1952978
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2023-30584
2023-06-20 17:31:47 -03:00