Forbid substrings based on a regexp in name_filter middleware

Code Issues Proposed changes

In comments from https://review.openstack.org/8798 it was raised that it
might make sense to forbid some substrings in the name_filter
middleware.
There is now a new forbidden_regexp option for the name_filter
middleware to specify which substrings to forbid. The default is
"/\./|/\.\./|/\.$|/\.\.$" (or in a non-regexp language: the /./ and /../
substrings as well as strings ending with /. or /..).
This can be useful for extra paranoia to avoid directory traversals
(bug 1005908), or for more general filtering.
Change-Id: I39bf2de45b9dc7d3ca4d350d24b3f2276e958a62
DocImpact: new forbidden_regexp option for the name_filter middleware

This commit is contained in:

Vincent Untz

2012年07月05日 15:43:14 +02:00

parent 31ff3da485

commit faff4ae769

4 changed files with 53 additions and 1 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

2
doc/manpages/proxy-server.conf.5

View File

@@ -427,6 +427,8 @@ The default is \fBegg:swift#name_check\fR.

Characters that will not be allowed in a name.

.IP \fBmaximum_length\fR

Maximum number of characters that can be in the name.

.IP \fBforbidden_regexp\fR

Python regular expressions of substrings that will not be allowed in a name.

.RE

Forbid substrings based on a regexp in name_filter middleware

2 doc/manpages/proxy-server.conf.5 Unescape Escape View File

2
doc/manpages/proxy-server.conf.5

View File