diff options
3 files changed, 18 insertions, 2 deletions
diff --git a/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java b/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java index 4cde4e7afaa..36ebb621475 100644 --- a/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java +++ b/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java @@ -548,11 +548,12 @@ public class FilesApplicationPackage extends AbstractApplicationPackage { if (new File(name).isAbsolute()) throw new IllegalArgumentException("Absolute path to ranking expression file is not allowed: " + name); + Path path = Path.fromString(name); File sdDir = new File(appDir, SCHEMAS_DIR.getRelative()); - File expressionFile = new File(sdDir, name); + File expressionFile = new File(sdDir, path.getRelative()); if ( ! expressionFile.exists()) { sdDir = new File(appDir, SEARCH_DEFINITIONS_DIR.getRelative()); - expressionFile = new File(sdDir, name); + expressionFile = new File(sdDir, path.getRelative()); } return expressionFile; } diff --git a/vespajlib/src/main/java/com/yahoo/path/Path.java b/vespajlib/src/main/java/com/yahoo/path/Path.java index 12f93d15737..4fcabe57d25 100644 --- a/vespajlib/src/main/java/com/yahoo/path/Path.java +++ b/vespajlib/src/main/java/com/yahoo/path/Path.java @@ -43,6 +43,10 @@ public final class Path { * @param elements a list of path elements */ private Path(List<String> elements, String delimiter) { + for (String element : elements) + if ("..".equals(element)) + throw new IllegalArgumentException("'..' is not allowed in path"); + this.elements = ImmutableList.copyOf(elements); this.delimiter = delimiter; } @@ -138,6 +142,7 @@ public final class Path { * @throws IllegalStateException if this path is empty */ public Path withLast(String element) { + if (element.contains(delimiter)) throw new IllegalArgumentException("single element cannot contain delimiter " + delimiter); if (element.isEmpty()) throw new IllegalStateException("Cannot set the last element of an empty path"); List<String> newElements = new ArrayList<>(elements); newElements.set(newElements.size() -1, element); diff --git a/vespajlib/src/test/java/com/yahoo/path/PathTest.java b/vespajlib/src/test/java/com/yahoo/path/PathTest.java index ae4581f1e9d..9446320d2c9 100644 --- a/vespajlib/src/test/java/com/yahoo/path/PathTest.java +++ b/vespajlib/src/test/java/com/yahoo/path/PathTest.java @@ -105,6 +105,16 @@ public class PathTest { assertEquals("/foo/bar/baz/foo/bar/baz", p3.getAbsolute()); } + @Test(expected = IllegalArgumentException.class) + public void testDoubleDot() { + Path.fromString("foo/../bar"); + } + + @Test(expected = IllegalArgumentException.class) + public void testLastWithDelimiter() { + Path.fromString("foo/bar").withLast("../../baz"); + } + private Path getRelativePath() { return Path.fromString("foo/bar/baz"); } |