fix(connector-fabric): uncontrolled data used in path expression #1910

Merged (1 commit) on Mar 14, 2022

petermetz
Contributor

Starts using the sanitize-filename npm package to
secure the Fabric ledger connector against malicious
user input when it comes to file paths of the golang
source codes that can be deployed through it.

https://www.npmjs.com/package/sanitize-filename

Fixes #1909

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

petermetz requested review from izuru0, jagpreetsinghsasan and takeutak and removed request for jonathan-m-hamilton March 14, 2022 03:27
petermetz added the dependencies (Pull requests that update a dependency file), P1 (Priority 1: Highest) and Security (Related to existing or potential security vulnerabilities) labels Mar 14, 2022
petermetz merged commit ef0981d into hyperledger-cacti:main Mar 14, 2022
petermetz deleted the petermetz/issue1909 branch March 14, 2022 06:42
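
The class of problem named in the title, shown as an added example that is not code from this pull request or the Cacti code base and does not use the `sanitize-filename` package: a caller-supplied file name joined into a path unchecked, beside a hardened variant built only on Node's `path` module. `BASE_DIR` and all function names are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: not the connector's code and not the sanitize-filename package.
const path = require("path").posix; // posix flavour keeps the demo deterministic

// Hypothetical directory where uploaded Go source files would be written.
const BASE_DIR = "/tmp/cc-build/src";

// Unsafe pattern: the caller-supplied name goes straight into the path.
function naiveSourcePath(filename) {
  return path.join(BASE_DIR, filename);
}

// Hardened pattern: accept a single path component, then verify containment.
function safeSourcePath(filename) {
  if (typeof filename !== "string" || filename.length === 0 || filename.length > 255) {
    throw new Error("invalid filename");
  }
  // Reject separators of both styles, NUL and other control characters.
  if (/[\/\\\x00-\x1f]/.test(filename)) {
    throw new Error("filename contains a separator or control character");
  }
  // Reject the relative components "." and "..".
  if (filename === "." || filename === "..") {
    throw new Error("filename is a relative path component");
  }
  const resolved = path.resolve(BASE_DIR, filename);
  // Defence in depth: the result must sit directly inside BASE_DIR.
  if (path.dirname(resolved) !== BASE_DIR) {
    throw new Error("path escapes the base directory");
  }
  return resolved;
}

// Wrap the check so callers (and tests) get a result object instead of a throw.
function classify(filename) {
  try {
    return { ok: true, path: safeSourcePath(filename) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs: one ordinary name, several that must be refused.
for (const name of ["chaincode.go", "../../outside.go", "..", "sub\\x.go", ""]) {
  console.log(JSON.stringify(name), "->", JSON.stringify(classify(name)));
}
```

Rejecting a bad name outright, rather than silently rewriting it, makes a refused upload visible to the caller and to logs.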