diff options
author | Jon Marius Venstad <venstad@gmail.com> | 2022-03-24 14:06:09 +0100 |
---|---|---|
committer | Jon Marius Venstad <venstad@gmail.com> | 2022-03-24 14:06:09 +0100 |
commit | aff293337701a121801f7f0570f0aa40553c0d3f (patch) | |
tree | b1347b6fc2bfa4c8fab0506561688c3870a166ec /standalone-container | |
parent | 04927f9142d5582d79757b9b66e2924f7d84dd93 (diff) |
Make application dir upper level
Diffstat (limited to 'standalone-container')
-rw-r--r-- | standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java b/standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java index 285f0f60c3f..f755d988f28 100644 --- a/standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java +++ b/standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java @@ -52,6 +52,10 @@ public class LocalFileDb implements FileAcquirer, FileRegistry { @Override public FileReference addFile(String relativePath) { File file = appPath.resolve(relativePath).toFile(); + Path relative = appPath.relativize(file.toPath()).normalize(); + if (relative.isAbsolute() || relative.startsWith("..")) + throw new IllegalArgumentException(file + " is not a descendant of " + appPath); + if (!file.exists()) { throw new RuntimeException("The file does not exist: " + file.getPath()); } |