
Insecure code in cloudinary-cli/modules/upload_dir.py #79

Open
2 of 9 tasks
simran-sankhala opened this issue Oct 12, 2023 · 8 comments
@simran-sankhala

Bug report for Cloudinary CLI

There were a few areas where security could be a concern:

Input Sanitization and Validation:

The code doesn't appear to have extensive input validation or sanitization for user-provided arguments and options. This could potentially lead to issues like code injection or unexpected behavior if malicious input is provided.

# Example of user input that could be potentially risky without validation/sanitization
uploads.append((file_path, {**options, **folder_options}, items, skipped))

Issue Type (Can be multiple)

  • Build - Cannot install or import the SDK
  • Performance - Performance issues
  • Behaviour - Functions are not working as expected (such as generate URL)
  • Documentation - Inconsistency between the docs and behaviour
  • Other (Specify)

Operating System

  • Linux
  • Windows
  • macOS
  • All
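The report above names a concern (user-provided paths and options reaching the upload list without validation) but no concrete injection path, and it should be read as a review request rather than a confirmed bug. As an added illustration, and not code from cloudinary-cli or a description of what upload_dir.py actually does, the block below shows the two checks a reviewer would look for at the point where a file path and a merged `{**options, **folder_options}` dict are appended to an upload list: confining the resolved path to the directory the user chose, and allowlisting which keys a per-folder override may set before the two dicts are merged. The `ALLOWED_FOLDER_OVERRIDES` set, the `FOLDER_RE` pattern, the function names and the sample entries are all assumptions constructed for this example.

```python
import re
from pathlib import Path

# Constructed allowlist for this example (not cloudinary-cli's): the only keys a
# per-folder override may change. Credentials, callbacks and anything else in a
# folder_options dict are rejected instead of silently overriding `options`.
ALLOWED_FOLDER_OVERRIDES = frozenset({"folder", "tags", "resource_type"})

# Assumed folder-name pattern: slash-separated segments of word characters and
# hyphens. It admits no dots, so "..", "." and hidden segments cannot appear.
FOLDER_RE = re.compile(r"[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*")


class UnsafeInputError(ValueError):
    """Raised for a user-supplied path or option that fails validation."""


def resolve_inside(base_dir, user_path):
    """Resolve user_path against base_dir and require the result to stay inside it.

    '..' segments and symlinks are collapsed by resolve(), and an absolute
    user_path replaces base_dir when joined, so the containment check is done
    on the final real path rather than on the raw string.
    """
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise UnsafeInputError(f"path escapes base directory: {user_path!r}") from None
    return target


def merge_options(options, folder_options):
    """Merge global and per-folder options, allowing only allowlisted overrides."""
    extra = set(folder_options) - ALLOWED_FOLDER_OVERRIDES
    if extra:
        raise UnsafeInputError(f"folder options may not set {sorted(extra)}")
    merged = {**options, **folder_options}
    folder = merged.get("folder")
    if folder is not None and not (isinstance(folder, str) and FOLDER_RE.fullmatch(folder)):
        raise UnsafeInputError(f"invalid folder name: {folder!r}")
    tags = merged.get("tags")
    if tags is not None and not (isinstance(tags, list) and all(isinstance(t, str) for t in tags)):
        raise UnsafeInputError("tags must be a list of strings")
    return merged


def collect_uploads(base_dir, entries, options):
    """Build an upload list from (relative_path, folder_options) entries,
    validating each entry before it is appended.

    Returns (uploads, skipped): uploads holds (resolved_path, merged_options)
    tuples, skipped holds (relative_path, reason) for rejected entries.
    """
    uploads, skipped = [], []
    for rel_path, folder_options in entries:
        try:
            path = resolve_inside(base_dir, rel_path)
            merged = merge_options(options, folder_options)
        except UnsafeInputError as exc:
            skipped.append((rel_path, str(exc)))
            continue
        uploads.append((path, merged))
    return uploads, skipped


# Constructed sample entries, as a CLI might build them from a walked directory
# plus a per-folder config file. Three of the four are rejected.
SAMPLE_ENTRIES = [
    ("photos/cat.jpg", {"folder": "pets/cats"}),
    ("../../etc/passwd", {}),
    ("docs/report.pdf", {"api_secret": "not-a-real-secret"}),
    ("photos/dog.jpg", {"folder": "../other"}),
]


if __name__ == "__main__":
    ok, rejected = collect_uploads("/srv/uploads", SAMPLE_ENTRIES, {"resource_type": "image"})
    for path, opts in ok:
        print("upload", path, opts)
    for rel, reason in rejected:
        print("skip  ", rel, "->", reason)
```

Two design points are worth noting. The containment check runs on the resolved path, not on the input string, so `..`, absolute paths and symlinks are all handled by one test. And the override filter is an allowlist rather than a denylist, because the set of keys that must never come from a per-folder file (credentials, notification URLs, and whatever the upload API adds later) is open-ended, while the set of keys a folder legitimately changes is small.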
@HeetVekariya

Hey @simran-sankhala, I can work on this issue.

@HeetVekariya

HeetVekariya commented Oct 12, 2023

Thank you for assigning me. I will get back to you ASAP when I am ready with the solution.
Also, will this PR be counted under https://cloudinary.com/blog/hacktoberfest-celebrate-open-source-sdks ?

@colbyfayock

colbyfayock commented Oct 12, 2023

@HeetVekariya, before you begin this, there is already a pull request opened by @simran-sankhala that needs to be reviewed. If that PR is invalid and the issue opens up, you're welcome to submit a PR yourself.

This issue has also not been reviewed by the team to determine if it's needed, so we'll need to wait to hear back as well.

@gagandeepp

@colbyfayock, is this still valid?

@const-cloudinary

@gagandeepp, it looks like the guy who originally opened a PR (@simran-sankhala) is not responding. Feel free to take his PR, fix all the issues, and submit yours.

@const-cloudinary

const-cloudinary commented Oct 14, 2024

This is the PR:
#80

@gagandeepp

@colbyfayock @const-cloudinary, do you want me to work on a separate branch or update the changes on this branch itself?

@const-cloudinary

@gagandeepp, yes, you can fork it and submit your changes.
