Issue H. nettest_to_path Does Not Sanitize the NetTest Name
At 2014-04-23 11:55:49 Arturo Filastò wrote: The path to the Python script containing the test implementation is constructed in an unsafe manner.
Mitigation
Current users can mitigate this risk by only using test decks from trusted sources or manually verifying the test_file parameter of the test deck.
Remediation
Use twisted.python.filepath.FilePath.
This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/306
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information