Comments (1)
UnnoTed
commented on May 20, 2024
Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler)
None of those are used in fileb0x because when the Updater option is enabled (which makes use of echo) it creates a GET endpoint "/" that requires a basic auth to access and serves a list of file names and sha256 hash.
https://github.com/UnnoTed/fileb0x/blob/master/template/files.go#L293
Quote from the README section "Update files remotely":
How it works?
By enabling the updater option, the next time that you generate a b0x, it will include a http server, this http server will use a http basic auth and it contains 1 endpoint / that accepts 2 methods: GET, POST.The GET method responds with a list of file names and sha256 hash of each file. The POST method is used to upload files, it creates the directory tree of a new file and then creates the file or it updates an existing file from the virtual memory file system... it responds with a ok string when the upload is successful.
from fileb0x.
Related Issues (20)
- bufio.Scanner limitations
- unescaped paths on windows
- go get -u -v github.com/UnnoTed/fileb0x fails HOT 1
- Thanks for the laugh! HOT 1
- Please tag as v1.0.0 (or whatever) HOT 2
- How to prefer local file overrides? HOT 1
- debug prefixes issue
- Manual initialization
- go get fail: bad checksum
- run go fmt on output by default
- can't install on windows: can't find doublestar HOT 1
- go get -u github.com/UnnoTed/fileb0x error HOT 3
- Possible to pack SQLite file?
- Hash in file name?
- How to disable directory browsing?
- panic: invalid argument
- simple example errors HOT 1
- windows compile it got error
- file birthtime
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fileb0x.