Docker/mealie
Docker/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-08-10 07:55:23 +02:00
Code Issues Releases Activity

chore: update references to GitHub repository (#5861)

Browse source
This commit is contained in:
Felix Schneider 2025-08-01 10:43:57 +02:00 committed by GitHub
parent b157c7034f
commit 591c96e52b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 14 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/integration_tests/user_recipe_tests/test_recipe_image_assets.py
View file

@ -45,10 +45,10 @@ def test_recipe_assets_create(api_client: TestClient, unique_user: TestUser, rec
def test_recipe_asset_exploit(api_client: TestClient, unique_user: TestUser, recipe_ingredient_only: Recipe):
"""
Test to ensure that users are unable to circumvent the destination directory when uploading a file
as an asset to the recipe. This was reported via huntr and was confirmed to be a sevre security issue.
as an asset to the recipe. This was reported via huntr and was confirmed to be a severe security issue.
mitigration is implemented by ensuring that the destination file is checked to ensure that the parent directory
is the recipe's asset directory. otherwise an exception is raised and a 400 error is returned.
A mitigation is implemented by ensuring that the destination file is checked to ensure that the parent directory
is the recipe's asset directory. Otherwise, an exception is raised and a 400 error is returned.
Report Details:
-------------------