Backport of PPP-4773 - Path Traversal through UploadService (10.2 Suite)

pentaho / pentaho-platform

Pentaho BA Server Core

http://www.pentaho.com

Other

473 stars 723 forks source link

Backport of PPP-4773 - Path Traversal through UploadService (10.2 Suite) #5778

Closed mbrasil closed 2 weeks ago

mbrasil commented 2 weeks ago

@pentaho/millenniumfalcon please review

hitachivantarasonarqube[bot] commented 2 weeks ago

Quality Gate failed

Failed conditions
14.8% Duplication on New Code (required ≤ 3%)
B Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

buildguy commented 2 weeks ago

[![👍 Frogbot scanned this pull request and did not find any new security issues.](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/noVulnerabilityBannerPR.png)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

Note:

---

**Frogbot** also supports **Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning**. This features are included as part of the [JFrog Advanced Security](https://jfrog.com/advanced-security) package, which isn't enabled on your system.

[🐸 JFrog Frogbot](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

buildguy commented 2 weeks ago

:white_check_mark: Build finished in 24m 25s

Build command:

mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl extensions

:ok_hand: All tests passed!

Tests run: 1576, Failures: 0, Skipped: 5 Test Results

:information_source: This is an automatic message