Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 332316d7cf2b986bbc8db56dca6e15b57375e263
https://github.com/tribe29/checkmk/commit/332316d7cf2b986bbc8db56dca6e15b57…
Author: Sergey Kipnis <sergey.kipnis(a)tribe29.com>
Date: 2022-07-22 (Fri, 22 Jul 2022)
Changed paths:
M agents/wnx/src/engine/carrier.cpp
M agents/wnx/src/engine/carrier.h
M agents/wnx/watest/test-carrier.cpp
Log Message:
-----------
Fix and extend low level mailslot API
CMK-10620
Change-Id: Iab4d6540fc0de2d4193f01aaa7f2476ebcf102c2
Commit: f5fd6dfe6743eace0d94335b40f3794173107e2b
https://github.com/tribe29/checkmk/commit/f5fd6dfe6743eace0d94335b40f379417…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-07-22 (Fri, 22 Jul 2022)
Changed paths:
M cmk/gui/pagetypes.py
M cmk/gui/valuespec.py
M cmk/gui/visuals.py
M cmk/gui/watolib/changes.py
M cmk/utils/type_defs/_misc.py
M tests/unit/cmk/gui/wsgi/test_wsgi_router.py
Log Message:
-----------
Make UserId subclass of str with validation
UserId is used on several occasions to construct paths. A malicious
UserId could therefore lead to path traversal.
Since UserId is already a NewType we subclass str now and include
validation. Since we used empty UserIds in the past (which are not valid
usernames...) there is also the possibility to circumvent the validation
but only for empty UserIds.
Change-Id: Iae00e1317b2f8db671db5ce41fc078768e7fcb87
Compare:
https://github.com/tribe29/checkmk/compare/cb85b852540d...f5fd6dfe6743