diff options
Diffstat (limited to 'standalone-container')
-rw-r--r-- | standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java b/standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java index 285f0f60c3f..f755d988f28 100644 --- a/standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java +++ b/standalone-container/src/main/java/com/yahoo/container/standalone/LocalFileDb.java @@ -52,6 +52,10 @@ public class LocalFileDb implements FileAcquirer, FileRegistry { @Override public FileReference addFile(String relativePath) { File file = appPath.resolve(relativePath).toFile(); + Path relative = appPath.relativize(file.toPath()).normalize(); + if (relative.isAbsolute() || relative.startsWith("..")) + throw new IllegalArgumentException(file + " is not a descendant of " + appPath); + if (!file.exists()) { throw new RuntimeException("The file does not exist: " + file.getPath()); } |