mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-29 05:00:47 +00:00
ClickHouse® is a real-time analytics DBMS
6b3366dc70
Problem Description: ================== The “key_regexp” constant in the “DiskS3” class contains a regular expression (RegEx) for checking a key path. However, the RegEx starts and ends with “.*”. This is a wildcard that an attacker could use to exploit this file path check by padding the beginning and end with whatever path they’d like. Recommendation: ============== Tighten up the RegEx by replacing the “.*” at the beginning and end with more specific items. Fix: === Replace the .* at the end with $ as there is no need to continue after the key file. Leave the beginning .* as is because the path for the key can have any characters or in any path of the system. |
||
---|---|---|
.github | ||
base | ||
benchmark | ||
cmake | ||
contrib | ||
debian | ||
docker | ||
docs | ||
programs | ||
src | ||
tests | ||
utils | ||
website | ||
.clang-format | ||
.clang-tidy | ||
.editorconfig | ||
.gitattributes | ||
.gitignore | ||
.gitmodules | ||
.potato.yml | ||
.pylintrc | ||
.vimrc | ||
.yamllint | ||
AUTHORS | ||
CHANGELOG.md | ||
CMakeLists.txt | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
docker-compose.yml | ||
format_sources | ||
LICENSE | ||
PreLoad.cmake | ||
README.md | ||
release | ||
SECURITY.md | ||
uncrustify.cfg |
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time.
Useful Links
- Official website has a quick high-level overview of ClickHouse on the main page.
- Tutorial shows how to set up and query a small ClickHouse cluster.
- Documentation provides more in-depth information.
- YouTube channel has a lot of content about ClickHouse in video format.
- Slack and Telegram allow chatting with ClickHouse users in real-time.
- Blog contains various ClickHouse-related articles, as well as announcements and reports about events.
- Code Browser with syntax highlight and navigation.
- Contacts can help to get your questions answered if there are any.