nixtaml - [no description]

diff options

author	toastal	2026-04-15 02:08:28 +0000
committer	·𐑑𐑴𐑕𐑑𐑩𐑤	2026-04-15 02:08:28 +0000
commit	90b97599704f3f62820841eb1828c519deceadf7 (patch)
tree	f5e5297343a53f5ad5679309567f95d6cf1390eb /.github/workflows
parent	fe9270a88cb1c406769b0deb552c5f53fad7e656 (diff)
download	nixtaml-90b97599704f3f62820841eb1828c519deceadf7.tar nixtaml-90b97599704f3f62820841eb1828c519deceadf7.tar.gz nixtaml-90b97599704f3f62820841eb1828c519deceadf7.tar.bz2 nixtaml-90b97599704f3f62820841eb1828c519deceadf7.tar.lz nixtaml-90b97599704f3f62820841eb1828c519deceadf7.tar.xz nixtaml-90b97599704f3f62820841eb1828c519deceadf7.tar.zst nixtaml-90b97599704f3f62820841eb1828c519deceadf7.zip

Fix URI validation bypasses (Phase 1.3 updated)

- Add url_decode function to handle percent-encoded sequences - Check both raw and URL-decoded paths for traversal attacks - Catch %2e%2e%2f (encoded ../) and similar bypasses - Improved path traversal detection for patterns like /etc/../passwd Fixes TPol-identified vulnerabilities: - URL-encoded path traversal bypasses - Missing path traversal detection in some patterns

Diffstat (limited to '.github/workflows')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: