[Bug-wget] [PATCH 11/25] New: Metalink/XML and Metalink/HTTP file naming
From: Matthew White
Subject: [Bug-wget] [PATCH 11/25] New: Metalink/XML and Metalink/HTTP file naming safety rules
Date: Sat, 10 Sep 2016 12:51:05 +0200

[Coverity Scan is ok, make syntax-check is ok, make check-valgrind is ok,
contrib/check-hard is ok]

This introduces new rules/tests about Metalink/XML and Metalink/HTTP.

The safety mechanism introduced provides secure and predictable file names.
This is convenient to prevent the overwriting of system/critical files and to
prevent writing files into unexpected/protected locations.

The option --trust-server-names may be used to trust metalink:file names when
downloading files.

Verbatim from doc/metalink-standard.txt:
----------------------------------------
The final name of downloaded files is computed starting from a trusted
name, which is then combined with the "Directory Options". The result
is verified and eventually made safer following security rules. If the
final name isn't found safe enough, then the file isn't downloaded.
Depending on the options used, a suffix could be appended to the final
name to not overwrite existing files.
----------------------------------------
Regards,
Matthew
--
Matthew White <address@hidden>
0011-New-Metalink-XML-and-Metalink-HTTP-file-naming-safet.patch
Description: Text Data
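
The naming pipeline quoted from doc/metalink-standard.txt above (candidate name, combined with a directory prefix, verified, rejected if unsafe, suffixed to avoid overwriting), as an added C sketch that is not code from the patch or from wget. The specific rules (last path component only, no control bytes, numeric `.N` suffix) and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Assumed rule: keep only the last path component, so a "../" chain, an
   absolute path or a drive prefix can never choose the directory.
   NULL means "do not download". */
static const char *safe_basename(const char *name)
{
    const char *base = name;
    for (const char *p = name; *p; p++)
        if (*p == '/' || *p == '\\' || (p == name + 1 && *p == ':'))
            base = p + 1;
    for (const char *p = base; *p; p++)
        if ((unsigned char)*p < 0x20)        /* control bytes in a name */
            return NULL;
    if (!*base || !strcmp(base, ".") || !strcmp(base, ".."))
        return NULL;
    return base;
}

/* Returns 0 and fills out, or -1 when no safe final name exists
   (unsafe candidate, truncated path, or every suffix already taken). */
int final_name(const char *dir, const char *candidate,
               int (*exists)(const char *), char *out, size_t outlen)
{
    const char *base = safe_basename(candidate);
    if (!base) return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, base);
    for (int i = 1; n > 0 && (size_t)n < outlen && exists(out) && i < 1000; i++)
        n = snprintf(out, outlen, "%s/%s.%d", dir, base, i);
    return (n > 0 && (size_t)n < outlen && !exists(out)) ? 0 : -1;
}

/* Constructed sample state: these two files "already exist". */
static int demo_exists(const char *path)
{
    return !strcmp(path, "out/report.txt") || !strcmp(path, "out/report.txt.1");
}

/* Final name under "out", or "" when the candidate is rejected. */
const char *demo(const char *candidate)
{
    static char buf[256];
    return final_name("out", candidate, demo_exists, buf, sizeof buf) ? "" : buf;
}

int main(void)
{
    const char *in[] = { "report.txt", "../../etc/passwd", "dir/..", "C:\\tmp\\a.iso" };
    for (size_t i = 0; i < sizeof in / sizeof *in; i++)
        printf("%-18s -> \"%s\"\n", in[i], demo(in[i]));
    return 0;
}
```

The existence check is passed in as a callback so the collision and rejection paths can be exercised without touching the filesystem.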