itepechi/akkoma
1
0
Fork 0
Code Issues Pull requests Releases Activity
akkoma/test/pleroma
History
Oneric ddd79ff22d Proactively harden emoji pack against path traversal 
No new path traversal attacks are known. But given the many entrypoints
and code flow complexity inside pack.ex, it unfortunately seems
possible a future refactor or addition might reintroduce one.
Furthermore, some old packs might still contain traversing path entries
which could trigger undesireable actions on rename or delete.

To ensure this can never happen, assert safety during path construction.

Path.safe_relative was introduced in Elixir 1.14, but
fortunately, we already require at least 1.14 anyway.
2024-03-18 22:33:10 -01:00
..
activity Prune old Update activities 2024-02-17 16:57:40 +01:00
akkoma
collections
config
conversation
docs
ecto_type/activity_pub/object_validators
emails Correct email links to be absolute URLs 2023-11-02 11:49:03 +00:00
emoji Proactively harden emoji pack against path traversal 2024-03-18 22:33:10 -01:00
http
instances
integration
mfa
migration_helper
object
password
repo/migrations
search
translators
upload
uploaders
user
web StealEmoji: check remote size before downloading 2024-03-18 22:33:10 -01:00
workers
activity_test.exs
announcement_read_relationship_test.exs
announcement_test.exs
application_requirements_test.exs
bookmark_test.exs
captcha_test.exs
config_db_test.exs
config_test.exs
conversation_test.exs
emoji_test.exs
filter_test.exs
following_relationship_test.exs
formatter_test.exs
frontend_test.exs
hashtag_test.exs
healthcheck_test.exs
html_test.exs
http_test.exs
instances_test.exs
iso639_test.exs
job_queue_monitor_test.exs
keys_test.exs
list_test.exs
marker_test.exs
mfa_test.exs
moderation_log_test.exs
notification_test.exs
object_test.exs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
otp_version_test.exs
pagination_test.exs
password_test.exs
registration_test.exs
repo_test.exs
report_note_test.exs
reverse_proxy_test.exs Sanitise Content-Type of media proxy URLs 2024-03-18 22:33:10 -01:00
runtime_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
safe_jsonb_set_test.exs
scheduled_activity_test.exs
signature_test.exs
stats_test.exs
upload_test.exs Always insert Dedupe upload filter 2024-03-18 22:33:10 -01:00
user_invite_token_test.exs
user_note_test.exs
user_relationship_test.exs
user_search_test.exs
user_test.exs fix issue with API cascading domain blocks but not honouring them 2023-08-25 11:00:49 +01:00
utils_test.exs
xml_builder_test.exs