plugin: restrict characters in plugin names #554

Merged
merged 16 commits into from
Dec 18, 2024
@str4d (Owner) commented Dec 18, 2024

Thanks to ⬡-49016 for reporting this issue.

Fixes GHSA-4fg7-vxc8-qx5w.

str4d added 16 commits November 18, 2024 04:41
Previously, plugin names were allowed to be `1*VCHAR`, which permits
path separators and parent directory syntax. Under certain conditions,
this could cause `rage` to execute a different binary than intended when
launching a plugin.

Plugin names are now restricted to alphanumeric characters or +-._ which
covers all binary names generally observed in practice.

The existing code was already panicking, but this gives it a nicer error
message.

Thanks to ⬡-49016 for reporting this issue.
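The old and new name rules from the commit message above, side by side, as an added example (not code from the rage repository). It assumes the `age-plugin-<name>` binary naming convention from the age plugin specification and reads "alphanumeric" as ASCII; the function names are hypothetical and the sample names are constructed.

```rust
use std::path::{Component, Path};

/// Old grammar: `1*VCHAR`, one or more printable ASCII bytes (0x21..=0x7E).
fn is_vchar_name(name: &str) -> bool {
    !name.is_empty() && name.bytes().all(|b| (0x21..=0x7e).contains(&b))
}

/// New rule: one or more ASCII alphanumerics or `+-._`.
fn is_restricted_name(name: &str) -> bool {
    !name.is_empty()
        && name.bytes().all(|b| b.is_ascii_alphanumeric() || b"+-._".contains(&b))
}

/// Assumption: the plugin binary is looked up as `age-plugin-<name>`.
fn binary_name(name: &str) -> String {
    format!("age-plugin-{}", name)
}

/// True when `candidate` is one plain file name: no separator, no `..` component.
fn is_single_file_name(candidate: &str) -> bool {
    let mut parts = Path::new(candidate).components();
    matches!((parts.next(), parts.next()), (Some(Component::Normal(_)), None))
}

/// Hypothetical helper: build the binary name only for names passing the new rule.
fn checked_binary_name(name: &str) -> Option<String> {
    if is_restricted_name(name) { Some(binary_name(name)) } else { None }
}

fn main() {
    // Constructed sample names, not taken from the advisory.
    for name in ["yubikey", "tpm-v2.1", "..", "x/../y"] {
        println!(
            "{:10} vchar={:5} restricted={:5} single_file={:5} checked={:?}",
            name,
            is_vchar_name(name),
            is_restricted_name(name),
            is_single_file_name(&binary_name(name)),
            checked_binary_name(name),
        );
    }
}
```

A name made only of dots still passes the restricted rule, but with the prefix attached it remains a single file name because no separator can appear.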

codecov bot commented Dec 18, 2024

Codecov Report

Attention: Patch coverage is 55.00000% with 27 lines in your changes missing coverage. Please review.

Project coverage is 52.02%. Comparing base (1744661) to head (0780882).
Report is 17 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| age/src/plugin.rs | 49.05% | 27 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #554      +/-   ##
==========================================
+ Coverage   51.32%   52.02%   +0.70%     
==========================================
  Files          43       43              
  Lines        4195     4219      +24     
==========================================
+ Hits         2153     2195      +42     
+ Misses       2042     2024      -18     


@str4d str4d merged commit d7c727a into main Dec 18, 2024
75 checks passed
@str4d str4d deleted the bugfix-0.11.1 branch December 18, 2024 15:46