Uploaded image for project: 'UI Framework'
  1. UI Framework
  2. UIFR-215

Do not allow loading arbitrary files

    XMLWordPrintable

Details

    • Enhancement
    • Status: Closed
    • Must
    • Resolution: Fixed
    • 3.13.0, 3.14.0, 3.15.0, 3.17.0
    • 3.19.0
    • None
    • Low

    Description

      The ResourceProviders embedded in the UIFramework library are used for loading resources from various paths, which allows external resources to be included in the UI. Unfortunately, this also allows the ResourceProviders to be exploited to allow the loading of arbitrary and possibly harmful files.

      Acceptance Criteria:

      • It should not be possible to load a file via path traversal
      • It should not be possible to load a file via an absolute path

      Gliffy Diagrams

        Attachments

          Activity

            People

              mseaton Mike Seaton
              ibacher Ian Bacher
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: