[POLICY-4168] Security vulnerability when unzipping csar on distribution - ONAP JIRA

XML

Word

Printable

Details

Type: Story
Status: Closed
Priority: Medium
Resolution: Done
Affects Version/s: None
Fix Version/s: Kohn Release
Component/s: distribution
Labels:
None

Epic Link:
R11: Software (Non Functional) Improvements
Sprint:
Policy 11/05/22-25/05/22

Description

Successful Zip Bomb attacks occur when an application expands untrusted archive files without controlling the size of the expanded data, which can lead to denial of service. A Zip bomb is usually a malicious archive file of a few kilobytes of compressed data but turned into gigabytes of uncompressed data. To achieve this extreme compression ratio, attackers will compress irrelevant data (eg: a long string of repeated bytes).

https://sonarcloud.io/project/security_hotspots?id=onap_policy-distribution

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

#	Subject	Branch	Project	Status	CR	V
129253,1	Security issues from sonar cloud fixes	master	policy/distribution	Status: MERGED	+2	+1

Activity

People

Assignee:: Adheli Tavares

Reporter:: Adheli Tavares

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/May/22 10:44 AM

Updated:: 17/May/22 5:29 PM

Resolved:: 17/May/22 5:29 PM