  1. Dev - Nexus Repo
  2. NEXUS-7850

Ban content which could be interpreted as a "link" to be uploaded or downloaded

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.11.1
    • Fix Version/s: 2.11.2
    • Labels:
      None
    • Story Points:
      1
    • Sprint:
      Sprint 33, Sprint 34

      Description

      To prevent malicious abuse of the NX2 framework, we should inspect content which is uploaded (deployed to hosted) or downloaded (fetched from remote) to ensure that the NX2 framework would not interpret the content as a "link".

      This should be separate from "content-validation" checking and always checked.

      Only direct use of the NX2 framework API to store a [Default]StorageLinkItem should be allowed to make content that is to be interpreted as a "link".

              People

              Assignee:
              rseddon Rich Seddon
              Reporter:
              jdillon Jason Dillon
              Last Updated By:
              Peter Lynch Peter Lynch