Merge branch 'main' of https://git.stella-ops.org/stella-ops.org/git.stella-ops.org
This commit is contained in:
master
@@ -30,7 +30,25 @@ public sealed class FileSystemRiskBundleObjectStore : IRiskBundleObjectStore
|
||||
throw new InvalidOperationException("Risk bundle storage root path is not configured.");
|
||||
}
|
||||
|
||||
var fullPath = Path.Combine(root, options.StorageKey);
|
||||
// Validate storage key to prevent path traversal attacks
|
||||
var storageKey = options.StorageKey;
|
||||
if (string.IsNullOrWhiteSpace(storageKey) ||
|
||||
Path.IsPathRooted(storageKey) ||
|
||||
storageKey.Contains("..") ||
|
||||
storageKey.Contains('\0'))
|
||||
{
|
||||
throw new ArgumentException($"Invalid storage key: path traversal or absolute path detected in '{storageKey}'.", nameof(options));
|
||||
}
|
||||
|
||||
var normalizedRoot = Path.GetFullPath(root);
|
||||
var fullPath = Path.GetFullPath(Path.Combine(normalizedRoot, storageKey));
|
||||
|
||||
// Verify the resolved path is within the root directory
|
||||
if (!fullPath.StartsWith(normalizedRoot, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
throw new ArgumentException($"Storage key '{storageKey}' escapes root directory.", nameof(options));
|
||||
}
|
||||
|
||||
var directory = Path.GetDirectoryName(fullPath);
|
||||
if (!string.IsNullOrEmpty(directory))
|
||||
{
|
||||
|
||||
@@ -379,8 +379,8 @@ public sealed partial class JsonNormalizer
|
||||
// Check if the string looks like a timestamp
|
||||
if (value.Length >= 10 && value.Length <= 40)
|
||||
{
|
||||
// Try ISO 8601 formats
|
||||
if (DateTimeOffset.TryParse(value, null,
|
||||
// Try ISO 8601 formats - use InvariantCulture for deterministic parsing
|
||||
if (DateTimeOffset.TryParse(value, System.Globalization.CultureInfo.InvariantCulture,
|
||||
System.Globalization.DateTimeStyles.RoundtripKind, out result))
|
||||
{
|
||||
// Additional validation - must have date separators
|
||||
|
||||
Reference in New Issue
Block a user