rest-server

Stowage/rest-server

Fork 0

mirror of https://github.com/restic/rest-server.git synced 2025-10-19 07:33:21 +00:00

Commit graph

Author	SHA1	Message	Date
Juergen Hoetzel	33c41b55bb	Security: Prevent loading of usernames containing a slash "/" is valid char in HTTP authorization headers, but is also used in rest-server to map usernames to private repos. This commit prevents loading maliciously composed usernames like "/foo/config" by restricting the allowed characters to the unicode character class, numbers, "-", "." and "@". Closes #131	2020-12-28 11:30:00 +01:00

Author

SHA1

Message

Date

Juergen Hoetzel

33c41b55bb

Security: Prevent loading of usernames containing a slash

"/" is valid char in HTTP authorization headers, but is also used in
rest-server to map usernames to private repos.

This commit prevents loading maliciously composed usernames like
"/foo/config" by restricting the allowed characters to the unicode
character class, numbers, "-", "." and "@".

Closes #131

2020-12-28 11:30:00 +01:00

1 commit