diff options
Diffstat (limited to 'config-lib/src/main/java/com/yahoo/config/FileReference.java')
-rwxr-xr-x | config-lib/src/main/java/com/yahoo/config/FileReference.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/config-lib/src/main/java/com/yahoo/config/FileReference.java b/config-lib/src/main/java/com/yahoo/config/FileReference.java index 686721e91ae..8b8434c8cc4 100755 --- a/config-lib/src/main/java/com/yahoo/config/FileReference.java +++ b/config-lib/src/main/java/com/yahoo/config/FileReference.java @@ -2,6 +2,7 @@ package com.yahoo.config; import java.io.File; +import java.nio.file.Path; import java.util.ArrayList; import java.util.Collection; import java.util.LinkedHashMap; @@ -19,6 +20,8 @@ public final class FileReference { private final String value; public FileReference(String value) { + if (Path.of(value).normalize().startsWith("..")) + throw new IllegalArgumentException("Path may not start with '..' but got '" + value + "'"); this.value = Objects.requireNonNull(value); } |