Comments (4)
fchabouis
commented on July 24, 2024
1
Thanks for your answer. I'll do a PR.
from plug.
josevalim
commented on July 24, 2024
Please send a PR that adds the path to the error message, but those are most likely paths with . and .. in them. So most likely someone trying to do some sort of file system traversal or wrong static URLs being generated.
from plug.
fchabouis
commented on July 24, 2024
We finally have the answer, your intuition was right @josevalim!
from plug.
tfantina
commented on July 24, 2024
I have a similar issue with someone trying to directory traversal, it's frankly quite annoying because the client frequently runs bug bounties and such so my Sentry is constantly cluttered with Plug.Static.InvalidPathErrors, I'm wondering what the best way to handle this is. Is there a way to configure PlugStatic not to raise on these errors (to someway handle them gracefully with a redirect or something)? Or should I just add an event filter in Sentry?
from plug.
Related Issues (20)
- Mismatch spec for `Plug.Conn.Query.decode` HOT 1
- Plug.RequestId: put the `request_id` in `:private` or `:assigns`? HOT 1
- 1.15 changes decoding behaviour of `[]` HOT 5
- Request: Support MFA tuple for Plug.Session opts HOT 4
- Plug.Upload's random-tempdir generation is not very random HOT 1
- `strip_spaces` fails on `nil` since 1.15.0 HOT 1
- Plug.Conn.Query has changed the way it decodes parameters from 1.14 to 1.15 without warning HOT 1
- More flexible dynamic routes with `:` parameters HOT 2
- Compatibility issue with plug_crypto 2.0.0 HOT 3
- Error: There isn't enough space to open the popup HOT 1
- Docs inconsistency between Plug moduledoc and Plug.run HOT 1
- Plug.Upload: demonitor previous owner when giving away HOT 1
- Compilation issues on Erlang 26.x HOT 3
- html array items are dropped. HOT 1
- Plug.Conn is not closed when user closes the browser's tab (SSE) HOT 2
- setting max_age to nil in put_resp_cookie/4 causes crash HOT 1
- Sending a zip created on-the-fly via Plug.Conn.chunk fails after around 200Mb HOT 8
- Performance Regression in Plug.Conn.Cookies.decode/1 after Upgrading Elixir and Erlang HOT 3
- Plug.Router macros and functional plugs HOT 1
- Wrong editor links when running inside a container HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from plug.