HomePhorge
Diffusion puppet 1aa9be5a9752

(#9793) "secure" indirector file backed terminus base class.
1aa9be5a9752Unpublished
Actions

Unpublished Commit ยท Learn More

Repository Importing: This repository is still importing.

Description

(#9793) "secure" indirector file backed terminus base class.

The file base class in the indirector trusted the request key directly, which
made it vulnerable to the same potential for injection attacks as other
terminus base classes.

However, this is somewhat mitigated by the fact that base class is entirely
unused. We can simple eliminate it from the system, because nothing is more
secure than code that doesn't exist.

The only consumer of the code was in the tests, and didn't care what base
class was used, so that was substituted with a continuing class.

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>

Details

Provenance
Daniel Pittman <daniel@puppetlabs.com>Authored on
Michael Stahnke <stahnma@puppetlabs.com>Committed on Sep 29 2011, 8:31 PM
vanmeeuwenPushed on Jun 2 2015, 2:22 PM
Parents
rPUd76c30935460: (#9792) Predictable temporary filename in ralsh.
Branches
Unknown
Tags
Unknown

Event Timeline

Michael Stahnke <stahnma@puppetlabs.com> committed rPU1aa9be5a9752: (#9793) "secure" indirector file backed terminus base class. (authored by Daniel Pittman <daniel@puppetlabs.com>).Sep 29 2011, 8:31 PM

Changes (3)

PathSize
lib/
puppet/
indirector/
spec/
unit/
indirector/

rPU1aa9be5a9752

View Options

lib/puppet/indirector/file.rb

Loading...
View Options

spec/unit/indirector/file_spec.rb

Loading...
View Options

spec/unit/indirector/terminus_spec.rb

Loading...