Diffstat (limited to 'configserver')
3 files changed, 24 insertions, 2 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
index 718a25cc225..940801cec79 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
@@ -314,7 +314,7 @@ public class ModelContextImpl implements ModelContext {
 @Override public boolean avoidRenamingSummaryFeatures() { return avoidRenamingSummaryFeatures; }
 @Override public boolean mergeGroupingResultInSearchInvoker() { return mergeGroupingResultInSearchInvoker; }
 @Override public boolean experimentalSdParsing() { return experimentalSdParsing; }
- @Override public String adminClusterNodeArchitecture() { return adminClusterArchitecture().name(); } // TODO: Remove when 7.564 is oldest version in use
+ @Override public String adminClusterNodeArchitecture() { return adminClusterArchitecture().name(); }
 @Override public Architecture adminClusterArchitecture() { return adminClusterNodeResourcesArchitecture; }
 private static <V> V flagValue(FlagSource source, ApplicationId appId, Version vespaVersion, UnboundFlag<? extends V, ?, ?> flag) {
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java b/configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java
index 35295ef357f..ad47f2b9e95 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java
@@ -32,7 +32,15 @@ public class ApplicationFileManager implements AddFileInterface {
 @Override
 public FileReference addFile(String relativePath) throws IOException {
- return fileDirectory.addFile(new File(applicationDir, relativePath));
+ Path path = Path.of(relativePath).normalize();
+ if (path.isAbsolute())
+ throw new IllegalArgumentException(relativePath + " is not relative");
+ File file = new File(applicationDir, relativePath);
+ Path relative = applicationDir.toPath().relativize(file.toPath()).normalize();
+ if (relative.isAbsolute() || relative.startsWith(".."))
+ throw new IllegalArgumentException(file + " is not a descendant of " + applicationDir);
+
+ return fileDirectory.addFile(file);
 }
 @Override
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java b/configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java
index c322990b8d1..cdb01f2013b 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java
@@ -25,6 +25,8 @@ public class FileDBRegistryTestCase {
 private static final String APP = "src/test/apps/zkapp";
 private static final String FOO_FILE = "files/foo.json";
 private static final String NO_FOO_FILE = "files/no_foo.json";
+ private static final String BOO_FILE = "/files/no_foo.json";
+ private static final String BAR_FILE = "../files/no_foo.json";
 private static final String BLOB_NAME = "myblob.name";
 private static final FileReference BLOB_REF = new FileReference("12f292a25163dd9");
 private static final FileReference FOO_REF = new FileReference("b5ce94ca1feae86c");
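Review bot: The containment check added to `addFile` in ApplicationFileManager is purely lexical, so a symbolic link stored under `applicationDir` that resolves outside it would still pass `relative.startsWith("..")` and be handed to `fileDirectory.addFile`; whether application packages can carry symlinks is not visible in this hunk and should be confirmed. If they can, also compare resolved paths for files that exist, e.g. `if (file.exists() && !file.toPath().toRealPath().startsWith(applicationDir.toPath().toRealPath())) throw new IllegalArgumentException(file + " is not a descendant of " + applicationDir);`, which keeps the existing "No such file or directory" behaviour for missing files. Separately, `relative.isAbsolute()` cannot be true for a value returned by `relativize`, and the normalized `path` is used only for the absolute test while `file` is built from the raw `relativePath`; a one-line comment such as `// lexical check only; file is built from the un-normalized relativePath` would make that intent explicit.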
@@ -42,6 +44,18 @@ public class FileDBRegistryTestCase {
 } catch (IllegalArgumentException e) {
 assertEquals("src/test/apps/zkapp/files/no_foo.json (No such file or directory)", e.getCause().getMessage());
 }
+ try {
+ fileRegistry.addFile(BOO_FILE);
+ fail();
+ } catch (IllegalArgumentException e) {
+ assertEquals("/files/no_foo.json is not relative", e.getMessage());
+ }
+ try {
+ fileRegistry.addFile(BAR_FILE);
+ fail();
+ } catch (IllegalArgumentException e) {
+ assertEquals("src/test/apps/zkapp/../files/no_foo.json is not a descendant of src/test/apps/zkapp", e.getMessage());
+ }
 assertEquals(BLOB_REF, fileRegistry.addBlob(BLOB_NAME, ByteBuffer.wrap(BLOB.getBytes(StandardCharsets.UTF_8))));
 String serializedRegistry = FileDBRegistry.exportRegistry(fileRegistry); |
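Review bot: The two cases added in this test hunk cover only an absolute path and a leading `..`; nothing exercises a `..` in the middle of the path, which is the case the `normalize()` call in `addFile` exists to handle. I would add one rejected input, for example the constructed value `files/../../no_foo.json`, and one accepted input that contains `..` but stays inside the application directory, for example `files/../files/foo.json`, so that a later simplification of the check can neither loosen nor over-tighten it unnoticed. The constants `BOO_FILE` and `BAR_FILE` from the preceding hunk would read better with names that state the intent, e.g. `ABSOLUTE_FILE` and `PARENT_DIR_FILE`. The test method begins and ends outside the hunk.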