Harden backup download/delete/restore path handling to prevent path traversal across site backup directories in multisite setups using local backup storage. Tighten backup route matching, validate backup IDs in admin backup member actions, and enforce canonical-path containment in LocalBackupStore so filenames cannot escape the current site’s backup directory. Add regression specs for route matching, controller rejection of traversal IDs, and local store traversal protection. CVE: https://github.com/discourse/discourse/security/advisories/GHSA-5j6v-4x6g-9pg5
# frozen_string_literal: true
RSpec.describe RouteFormat do
  describe ".backup" do
    # The route constraint is anchored here so every assertion checks that the
    # whole filename satisfies RouteFormat.backup, not merely a substring of it.
    let(:anchored_backup_format) { /\A#{described_class.backup}\z/i }

    # @param filename [String] candidate backup filename
    # @return [Boolean] true when the entire filename satisfies the backup format
    def full_backup_match?(filename)
      anchored_backup_format.match?(filename)
    end

    it "matches valid backup filenames" do
      valid_names = %w[backup-2026-05-12.tar.gz backup-2026-05-12.tgz backup-2026-05-12.sql.gz]

      valid_names.each { |name| expect(full_backup_match?(name)).to be(true) }
    end

    it "does not match path traversal attempts" do
      # Covers a raw "..", its percent-encoded form, and a plain nested path.
      traversal_names = %w[../second/backup.tar.gz ..%2Fsecond%2Fbackup.tar.gz nested/path/backup.tar.gz]

      traversal_names.each { |name| expect(full_backup_match?(name)).to be(false) }
    end
  end
end