Bug #12698
Closed
Insufficient URL validation for smart proxy and medium
Description
Problem: The regex that validates smart proxy URLs only matches 'beginning of text'. This allows us to add just \n after a valid URL and put anything after it. For instance, javascript:alert('hacked'). I haven't found any link to the Foreman proxy URL, so the script would not trigger, but if we were to put link_to @smart_proxy.url somewhere (or a plugin did this) it would be unsafe.
Solution: Make the regex match the end of the URL with \Z.
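The anchoring problem described above, as an added Ruby example that is not Foreman's code or part of the original report. URL_BODY and the three patterns are hypothetical stand-ins for the validator regex, and the host name is constructed. It also shows that \Z still accepts a single trailing newline, while \z does not.

```ruby
# Hypothetical URL pattern for illustration; not Foreman's actual validator regex.
URL_BODY = %r{https?://[\w.-]+(?::\d+)?(?:/[^\s]*)?}

PATTERNS = {
  start_only:  /\A#{URL_BODY}/,    # anchored at beginning of text only (the reported bug)
  end_big_z:   /\A#{URL_BODY}\Z/,  # the fix named in the report
  end_small_z: /\A#{URL_BODY}\z/   # strict end of string, no trailing newline allowed
}.freeze

# Returns the names of the patterns that would accept +value+ as a valid URL.
def accepted_by(value)
  PATTERNS.select { |_name, re| re.match?(value) }.keys
end

# Constructed sample inputs; the second is the case given in the report.
CLEAN     = "https://proxy.example.com:8443"
MULTILINE = "https://proxy.example.com:8443\njavascript:alert('hacked')"
TRAILING  = "https://proxy.example.com:8443\n"

if $PROGRAM_NAME == __FILE__
  [CLEAN, MULTILINE, TRAILING].each do |value|
    puts "#{value.inspect} accepted by #{accepted_by(value).inspect}"
  end
end
```

With \Z the multi-line value is rejected, but a stored URL can still end in "\n"; use \z, or strip the value before validation, if that matters to callers.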
Updated by Dominic Cleal about 9 years ago
- Has duplicate Bug #12697: Insufficient validation for smart proxy URL added
Updated by The Foreman Bot about 9 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2960 added
Updated by Daniel Lobato Garcia about 9 years ago
- Subject changed from Insufficient validation for smart proxy URL to Insufficient URL validation for smart proxy and medium
Updated by Dominic Cleal about 9 years ago
- Category set to Security
- Translation missing: en.field_release set to 71
Updated by Daniel Lobato Garcia about 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 98f6ca54bd689c2df59cedb41d724f6e7c19a83f.
Updated by David Davis about 9 years ago
- Related to Feature #12787: The url validator accepts bad urls like "https://" added