diff options
author | Jon Bratseth <bratseth@gmail.com> | 2022-03-31 17:35:01 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-31 17:35:01 +0200 |
commit | f2c0f6b3dbdbe4194f305547ac475097ae621db9 (patch) | |
tree | 9e3209b3df50a97547f4216bbcb79194754b99d1 | |
parent | cacd6d19d897b8658d90a3cd56657f667d826585 (diff) | |
parent | 6478c2a16603f2f2163eb2116e58c363ab1cf37b (diff) |
Merge pull request #21917 from vespa-engine/jonmv/misc-5
Improve error message for invalid config
4 files changed, 19 insertions, 1 deletions
diff --git a/config-lib/src/main/java/com/yahoo/config/FileNode.java b/config-lib/src/main/java/com/yahoo/config/FileNode.java index a7c1ebb1488..e6a4af6f439 100644 --- a/config-lib/src/main/java/com/yahoo/config/FileNode.java +++ b/config-lib/src/main/java/com/yahoo/config/FileNode.java @@ -1,6 +1,8 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.config; +import java.nio.file.Path; + /** * Represents a 'file' in a {@link ConfigInstance}, usually a filename. * @@ -14,6 +16,8 @@ public class FileNode extends LeafNode<FileReference> { public FileNode(String stringVal) { super(true); this.value = new FileReference(ReferenceNode.stripQuotes(stringVal)); + if (Path.of(value.value()).normalize().startsWith("..")) + throw new IllegalArgumentException("path may not start with '..', but got: " + value.value()); } public FileReference value() { diff --git a/config-lib/src/main/java/com/yahoo/config/PathNode.java b/config-lib/src/main/java/com/yahoo/config/PathNode.java index 1c4f724a7ed..03e6fb51086 100644 --- a/config-lib/src/main/java/com/yahoo/config/PathNode.java +++ b/config-lib/src/main/java/com/yahoo/config/PathNode.java @@ -23,7 +23,9 @@ public class PathNode extends LeafNode<Path> { public PathNode(FileReference fileReference) { super(true); - this.value = new File(fileReference.value()).toPath(); + this.value = Path.of(fileReference.value()); + if (value.normalize().toString().startsWith("..")) + throw new IllegalArgumentException("path may not start with '..', but got :" + value); this.fileReference = fileReference; } diff --git a/config-lib/src/test/java/com/yahoo/config/FileNodeTest.java b/config-lib/src/test/java/com/yahoo/config/FileNodeTest.java index 56dd7dd116d..1ad9f722eca 100644 --- a/config-lib/src/test/java/com/yahoo/config/FileNodeTest.java +++ b/config-lib/src/test/java/com/yahoo/config/FileNodeTest.java @@ -4,6 +4,7 @@ package com.yahoo.config; import org.junit.Test; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; /** @@ -11,6 +12,7 @@ import static org.junit.Assert.assertTrue; * @since 5.1 */ public class FileNodeTest { + @Test public void testSetValue() { FileNode n = new FileNode(); @@ -20,5 +22,10 @@ public class FileNodeTest { assertTrue(n.doSetValue("\"foo.txt\"")); assertEquals("foo.txt", n.value().value()); assertEquals("\"foo.txt\"", n.toString()); + + assertThrows("path may not start with '..', but got: foo/../../boo", + IllegalArgumentException.class, + () -> new FileNode("foo/../../boo")); } + } diff --git a/config-lib/src/test/java/com/yahoo/config/PathNodeTest.java b/config-lib/src/test/java/com/yahoo/config/PathNodeTest.java index 37313bbcdf3..2240f647726 100644 --- a/config-lib/src/test/java/com/yahoo/config/PathNodeTest.java +++ b/config-lib/src/test/java/com/yahoo/config/PathNodeTest.java @@ -6,6 +6,7 @@ import org.junit.Test; import java.io.File; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThrows; /** * @author gjoranv @@ -20,6 +21,10 @@ public class PathNodeTest { n = new PathNode(new FileReference("foo.txt")); assertEquals(new File("foo.txt").toPath(), n.value()); + + assertThrows("path may not start with '..', but got: foo/../../boo", + IllegalArgumentException.class, + () -> new PathNode(new FileReference("foo/../../boo"))); } } |