Improve error message for invalid config

4 files changed, 19 insertions, 1 deletions

diff --git a/config-lib/src/main/java/com/yahoo/config/FileNode.java b/config-lib/src/main/java/com/yahoo/config/FileNode.java
index a7c1ebb1488..e6a4af6f439 100644
--- a/config-lib/src/main/java/com/yahoo/config/FileNode.java
+++ b/config-lib/src/main/java/com/yahoo/config/FileNode.java
@@ -1,6 +1,8 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.config;
 
+import java.nio.file.Path;
+
 /**
  * Represents a 'file' in a {@link ConfigInstance}, usually a filename.
  *
@@ -14,6 +16,8 @@ public class FileNode extends LeafNode<FileReference> {
     public FileNode(String stringVal) {
         super(true);
         this.value = new FileReference(ReferenceNode.stripQuotes(stringVal));
+        if (Path.of(value.value()).normalize().startsWith(".."))
+            throw new IllegalArgumentException("path may not start with '..', but got: " + value.value());
     }
 
     public FileReference value() {
diff --git a/config-lib/src/main/java/com/yahoo/config/PathNode.java b/config-lib/src/main/java/com/yahoo/config/PathNode.java
index 1c4f724a7ed..03e6fb51086 100644
--- a/config-lib/src/main/java/com/yahoo/config/PathNode.java
+++ b/config-lib/src/main/java/com/yahoo/config/PathNode.java
@@ -23,7 +23,9 @@ public class PathNode extends LeafNode<Path> {
 
     public PathNode(FileReference fileReference) {
         super(true);
-        this.value = new File(fileReference.value()).toPath();
+        this.value = Path.of(fileReference.value());
+        if (value.normalize().toString().startsWith(".."))
+            throw new IllegalArgumentException("path may not start with '..', but got :" + value);
         this.fileReference = fileReference;
     }
 
diff --git a/config-lib/src/test/java/com/yahoo/config/FileNodeTest.java b/config-lib/src/test/java/com/yahoo/config/FileNodeTest.java
index 56dd7dd116d..1ad9f722eca 100644
--- a/config-lib/src/test/java/com/yahoo/config/FileNodeTest.java
+++ b/config-lib/src/test/java/com/yahoo/config/FileNodeTest.java
@@ -4,6 +4,7 @@ package com.yahoo.config;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
 /**
@@ -11,6 +12,7 @@ import static org.junit.Assert.assertTrue;
  * @since 5.1
  */
 public class FileNodeTest {
+
     @Test
     public void testSetValue() {
         FileNode n = new FileNode();
@@ -20,5 +22,10 @@ public class FileNodeTest {
         assertTrue(n.doSetValue("\"foo.txt\""));
         assertEquals("foo.txt", n.value().value());
         assertEquals("\"foo.txt\"", n.toString());
+
+        assertThrows("path may not start with '..', but got: foo/../../boo",
+                     IllegalArgumentException.class,
+                     () -> new FileNode("foo/../../boo"));
     }
+
 }
diff --git a/config-lib/src/test/java/com/yahoo/config/PathNodeTest.java b/config-lib/src/test/java/com/yahoo/config/PathNodeTest.java
index 37313bbcdf3..2240f647726 100644
--- a/config-lib/src/test/java/com/yahoo/config/PathNodeTest.java
+++ b/config-lib/src/test/java/com/yahoo/config/PathNodeTest.java
@@ -6,6 +6,7 @@ import org.junit.Test;
 import java.io.File;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
 
 /**
  * @author gjoranv
@@ -20,6 +21,10 @@ public class PathNodeTest {
 
         n = new PathNode(new FileReference("foo.txt"));
         assertEquals(new File("foo.txt").toPath(), n.value());
+
+        assertThrows("path may not start with '..', but got: foo/../../boo",
+                     IllegalArgumentException.class,
+                     () -> new PathNode(new FileReference("foo/../../boo")));
     }
 
 }