IntenseFinance/nosqlbench
3
0
Fork 0
mirror of https://github.com/nosqlbench/nosqlbench.git synced 2024-12-28 09:41:08 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix path traversal so static analysis can recognize it

Browse Source
This commit is contained in:
Jonathan Shook 2022-03-11 10:00:23 -06:00
parent 81c7d47885
commit 38688dd6c6
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
engine-rest/src/main/java/io/nosqlbench/engine/rest/services/WorkSpace.java
View File

@ -151,6 +151,9 @@ public class WorkSpace {
} }
private void assertLegalWorkspacePath(Path target) { private void assertLegalWorkspacePath(Path target) {
if (!target.normalize().startsWith(this.workspacePath)) {
throw new RuntimeException("workspace path '" + target + "' contains path traversal");
}
if (target.toString().contains("..")) { if (target.toString().contains("..")) {
throw new RuntimeException("Possible path injection:" + target); throw new RuntimeException("Possible path injection:" + target);
} }