[CB-7890] Validate file copy operations in plugman - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: cordova-lib
Labels:
None

Description

Currently plugman fileCopy:

1) allows absolute src and target elements to locations outside the plugin directory and/or project directory
2) follows and allow copying of symlinks to files outside the plugin directory

To fix i would suggest:

1) throw on any resolved target location outside of the project dir
2) throw on any resolved src not inside the plugin dir
3) allow symlinks inside the plugins dir (common platform agnostic assets etc.) but it MUST point to a location also inside the plugin directory.

Attachments

Activity

People

Assignee:: David Brett Rudd

Reporter:: David Brett Rudd

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 29/Oct/14 02:01

Updated:: 23/Aug/18 06:51

Resolved:: 30/Oct/14 21:29