OpenACS / openacs-4 / packages / acs-tcl / tcl / test

security-procs.tcl

Tools

Line History

Line Count Graph
Line Count Graph

Stats

Commits this week: 0
Total Committers: 2
Last Commit: 12 Mar
Commits this week: 0
Total Lines of Code (LoC): 256
Net change in LoC this week: 0

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated 20 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Tuesday 03 Sep 2024
5:37 pm

gustafn

merge from oacs-5-10

Options
    • -0
    • +256
    ./security-procs.tcl
  2. … 8099 more files in changeset.
Tuesday 27 Aug 2024
4:06 pm

gustafn

silence regression test

Options
    • -1
    • +4
    ./security-procs.tcl
  2. … 1 more file in changeset.
Friday 14 Apr 2023
5:21 pm

antoniop

Test ad_change_password

Options
    • -0
    • +29
    ./security-procs.tcl
Monday 27 Feb 2023
6:51 pm

gustafn

improved spelling

Options
    • -1
    • +1
    ./security-procs.tcl
  2. … 2 more files in changeset.
Thursday 23 Feb 2023
12:57 pm

antoniop

Test all the cornercases of this api as intended, without using ad_tmpnam

Options
    • -30
    • +30
    ./security-procs.tcl
Tuesday 07 Feb 2023
3:09 pm

antoniop

Improve proc coverage

Options
    • -0
    • +88
    ./security-procs.tcl
Saturday 26 Nov 2022
5:47 pm

gustafn

Make use of new API "ad_mktmpdir" and "ad_opentmpfile" instead of "ad_tmpnam"

Options
    • -32
    • +37
    ./security-procs.tcl
  2. … 7 more files in changeset.
Friday 09 Sep 2022
1:32 pm

antoniop

Centralize retrieval of the test URL

Options
    • -13
    • +1
    ./security-procs.tcl
  2. … 5 more files in changeset.
Friday 26 Aug 2022
2:06 pm

antoniop

tmpfile page contract filter reform:

do not allow acs-subsite TmpDir parameter to define where the tmpfolder is located anymore. This MUST be the one configured in the server-wide configuration. Tmpfiles cannot be in a subfolder of the tmpfolder, they MUST be direct children instead. A tmpfile MUST exist beforehand and be owned, be readable and writable by the user running the nsd process. This complies with the definition of a tmpfile by AolServer/NaviServer when they are created to store content coming from a file upload.

Options
    • -28
    • +0
    ./security-procs.tcl
  2. … 4 more files in changeset.
Thursday 25 Aug 2022
5:37 pm

antoniop

Reimplement ad_page_contract_filter_proc_tmpfile using security::safe_tmpfile_p

Some of the features implemented by this filter have been ported into the api, namely the possibility to fetch the valid temp folders from the subsite TmpDir parameter and the possibility to relax the check and allow also files deeper in the tmpfolder hierachy.

Notably, the hardcoded tmpfolders "/var/tmp" and "/tmp" have NOT been ported. One should configure these values via the many available options. security::safe_tmpfile_p is also more restrictive when a file exists, because it checks for ownership and read and write permissions on the file.

Options
    • -1
    • +30
    ./security-procs.tcl
  2. … 2 more files in changeset.
2:37 pm

antoniop

Add must_exist flag to enforce a safe tmpfile to already exist

Options
    • -1
    • +6
    ./security-procs.tcl
  2. … 2 more files in changeset.
1:25 pm

antoniop

Introduce security::safe_tmpfile_p checking whether a file belongs to the configured tmpfolder and respects other constraints

The plan is to use it to improve input validations

Options
    • -0
    • +45
    ./security-procs.tcl
  2. … 2 more files in changeset.
Monday 02 Aug 2021
7:36 pm

gustafn

improve spelling

Options
    • -1
    • +1
    ./security-procs.tcl
Monday 15 Feb 2021
6:53 pm

gustafn

make listing of tested procs more complete

Options
    • -1
    • +4
    ./security-procs.tcl
  2. … 18 more files in changeset.
Monday 25 Jan 2021
5:43 pm

antoniop

Hack to force user agents logging in via the test api to exhibit a cookie based authentication

Options
    • -2
    • +27
    ./security-procs.tcl
Tuesday 12 Jan 2021
6:32 pm

antoniop

Test the use case supposedly supported by sec_change_user_auth_token: invalidate all existing login cookies (e.g. when the users change their password) so that all devices need to log in again

the test exposes a long standing regression (~17 years) where this was broken in order to support persistent login. See e.g. https://openacs.org/forums/message-view?message_id=1691183#msg_1691183

Options
    • -0
    • +64
    ./security-procs.tcl
6:32 pm

antoniop

file security-procs.tcl was initially added on branch oacs-5-10.

Options
    • -0
    • +0
    ./security-procs.tcl