Diffstat (limited to 'configserver')
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java2
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java10
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java14
3 files changed, 24 insertions, 2 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
index 718a25cc225..940801cec79 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
@@ -314,7 +314,7 @@ public class ModelContextImpl implements ModelContext {
@Override public boolean avoidRenamingSummaryFeatures() { return avoidRenamingSummaryFeatures; }
@Override public boolean mergeGroupingResultInSearchInvoker() { return mergeGroupingResultInSearchInvoker; }
@Override public boolean experimentalSdParsing() { return experimentalSdParsing; }
- @Override public String adminClusterNodeArchitecture() { return adminClusterArchitecture().name(); } // TODO: Remove when 7.564 is oldest version in use
+ @Override public String adminClusterNodeArchitecture() { return adminClusterArchitecture().name(); }
@Override public Architecture adminClusterArchitecture() { return adminClusterNodeResourcesArchitecture; }
private static <V> V flagValue(FlagSource source, ApplicationId appId, Version vespaVersion, UnboundFlag<? extends V, ?, ?> flag) {
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java b/configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java
index 35295ef357f..ad47f2b9e95 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/filedistribution/ApplicationFileManager.java
@@ -32,7 +32,15 @@ public class ApplicationFileManager implements AddFileInterface {
@Override
public FileReference addFile(String relativePath) throws IOException {
- return fileDirectory.addFile(new File(applicationDir, relativePath));
+ Path path = Path.of(relativePath).normalize();
+ if (path.isAbsolute())
+ throw new IllegalArgumentException(relativePath + " is not relative");
+ File file = new File(applicationDir, relativePath);
+ Path relative = applicationDir.toPath().relativize(file.toPath()).normalize();
+ if (relative.isAbsolute() || relative.startsWith(".."))
+ throw new IllegalArgumentException(file + " is not a descendant of " + applicationDir);
+
+ return fileDirectory.addFile(file);
}
@Override
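Review bot: The containment check in `addFile` is purely lexical: `relativize(...).normalize()` never consults the file system, so a symbolic link inside `applicationDir` that points elsewhere would still pass and be handed to `fileDirectory.addFile`. If application packages can contain symlinks (not visible from this hunk), compare resolved paths as well, e.g. `if (!file.toPath().toRealPath().startsWith(applicationDir.toPath().toRealPath())) throw new IllegalArgumentException(file + " is not a descendant of " + applicationDir);`. Note that `toRealPath()` throws for a non-existent path, so this would change the exception seen for a missing file unless it runs after the existence handling. Separately, `path` is used only for `isAbsolute()`, so the `normalize()` on that line has no effect and `file` is still built from the raw `relativePath`.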
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java b/configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java
index c322990b8d1..cdb01f2013b 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/filedistribution/FileDBRegistryTestCase.java
@@ -25,6 +25,8 @@ public class FileDBRegistryTestCase {
private static final String APP = "src/test/apps/zkapp";
private static final String FOO_FILE = "files/foo.json";
private static final String NO_FOO_FILE = "files/no_foo.json";
+ private static final String BOO_FILE = "/files/no_foo.json";
+ private static final String BAR_FILE = "../files/no_foo.json";
private static final String BLOB_NAME = "myblob.name";
private static final FileReference BLOB_REF = new FileReference("12f292a25163dd9");
private static final FileReference FOO_REF = new FileReference("b5ce94ca1feae86c");
@@ -42,6 +44,18 @@ public class FileDBRegistryTestCase {
} catch (IllegalArgumentException e) {
assertEquals("src/test/apps/zkapp/files/no_foo.json (No such file or directory)", e.getCause().getMessage());
}
+ try {
+ fileRegistry.addFile(BOO_FILE);
+ fail();
+ } catch (IllegalArgumentException e) {
+ assertEquals("/files/no_foo.json is not relative", e.getMessage());
+ }
+ try {
+ fileRegistry.addFile(BAR_FILE);
+ fail();
+ } catch (IllegalArgumentException e) {
+ assertEquals("src/test/apps/zkapp/../files/no_foo.json is not a descendant of src/test/apps/zkapp", e.getMessage());
+ }
assertEquals(BLOB_REF, fileRegistry.addBlob(BLOB_NAME, ByteBuffer.wrap(BLOB.getBytes(StandardCharsets.UTF_8))));
String serializedRegistry = FileDBRegistry.exportRegistry(fileRegistry);
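Review bot: Both new cases put the offending component at the very start of the path (`/files/...` and `../files/...`), so nothing pins the behaviour when `..` appears after a valid prefix. A case such as `files/../../files/no_foo.json` (constructed example), asserting the same "is not a descendant of" message, is the input that actually depends on the `normalize()` call in `addFile`; the leading-`..` case would be rejected even without it. The bare `fail()` calls could also say what was expected, e.g. `fail("expected IllegalArgumentException for " + BAR_FILE);`. The enclosing test method starts and ends outside this hunk.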