status-im
/
react-native
mirror of https://github.com/status-im/react-native.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
react-native/local-cli/server
History
Andrew Clark 9862a77b6a Use file name whitelist to prevent RCE 
Summary:
Use a whitelist to validate user-provided file names. This doesn't cover the entire range of valid filenames but should cover almost all of them in practice. Allows letters, numbers, periods, dashes, and underscores. Opting to use a whitelist instead of a blacklist because getting this wrong leaves us vulnerable to a RCE attack.

This is the same patch I submitted to create-react-app: https://github.com/facebook/create-react-app/pull/4866

See s163726 for more details

Reviewed By: LukasReschke

Differential Revision: D9504148

fbshipit-source-id: e3c7587f1b7f93bec90a58a38d5f6d58f1f59275
 		2018-09-04 11:32:51 -07:00
..
middleware Prevent cross origin requests to development server 2018-08-22 12:31:19 -07:00
util Use file name whitelist to prevent RCE 2018-09-04 11:32:51 -07:00
checkNodeVersion.js Bugfix: Check NodeJS version successfully even for old runtimes (Fixes #20769) (#20779) 2018-08-22 20:34:41 -07:00
runServer.js Fix passing the --reset-cache CLI argument to Metro 2018-08-13 07:31:35 -07:00
server.js Fix Flow errors (#20696) 2018-08-16 17:32:08 -07:00