rest-server/changelog/unreleased
Juergen Hoetzel 33c41b55bb Security: Prevent loading of usernames containing a slash
"/" is a valid char in HTTP authorization headers, but is also used in
rest-server to map usernames to private repos.

This commit prevents loading maliciously composed usernames like
"/foo/config" by restricting the allowed characters to the Unicode
character class, numbers, "-", "." and "@".

Closes #131
2020-12-28 11:30:00 +01:00
.gitkeep Add .gitkeep to persist changelog/unreleased/ when empty. 2019-12-18 23:14:09 +01:00
issue-131 Security: Prevent loading of usernames containing a slash 2020-12-28 11:30:00 +01:00