This is an automated email from the ASF dual-hosted git repository.

gaul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jclouds.git

commit b0819e0ef5e08c792a4d1724b938714ce9503aa3
Author: jixinchi <[email protected]>
AuthorDate: Wed Apr 3 16:57:40 2024 +0800

    more validation for containerName and blobKey to avoid access escape
---
 .../validators/internal/FilesystemBlobKeyValidatorImpl.java      | 2 ++
 .../internal/FilesystemContainerNameValidatorImpl.java           | 2 ++
 .../strategy/internal/FilesystemStorageStrategyImpl.java         | 9 +++++++++
 3 files changed, 13 insertions(+)

diff --git 
a/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java
 
b/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java
index 25e4fdaa0e..60a5721113 100644
--- 
a/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java
+++ 
b/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java
@@ -38,6 +38,8 @@ public class FilesystemBlobKeyValidatorImpl extends 
FilesystemBlobKeyValidator {
         //blobkey cannot start with / (or \ in Windows) character
         if (name.startsWith("\\") || name.startsWith("/"))
             throw new IllegalArgumentException("Blob key '" + name + "' cannot 
start with \\ or /");
+        if (name.contains("../"))
+            throw new IllegalArgumentException("Blob key '" + name + "' cannot 
contains ../");
     }
 
 }
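Review bot: The added `name.contains("../")` test in validate does not cover every key that carries a parent-directory segment: a key that is exactly `..` or that ends in `/..` has no `../` substring, and on Windows a `..\` segment also passes, although the check just above already treats `\` as a separator. It also rejects harmless keys such as `foo../bar`. Comparing whole segments would handle these cases, e.g. `for (String part : name.split("[/\\\\]")) if (part.equals("..")) throw new IllegalArgumentException(...);`. The message text should read "cannot contain". The body of validate starts outside the hunk, so any earlier checks are not visible here.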
diff --git 
a/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java
 
b/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java
index c18835a30f..21e5cf5e29 100644
--- 
a/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java
+++ 
b/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java
@@ -38,6 +38,8 @@ public class FilesystemContainerNameValidatorImpl extends 
FilesystemContainerNam
         //container name cannot contains / (or \ in Windows) character
         if (name.contains("\\") || name.contains("/"))
             throw new IllegalArgumentException("Container name '" + name + "' 
cannot contain \\ or /");
+        if (name.equals(".") || name.equals(".."))
+            throw new IllegalArgumentException("Container name cannot be . or 
..");
     }
 
 }
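Review bot: The new `.` / `..` check has no comment, while the separator check directly above it does. A line such as `//container name cannot be . or .. (presumably these resolve to the base directory or its parent)` would record why the check exists; the path-building code is outside this hunk, so the reason should be confirmed against it. validate's body starts outside the hunk.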
diff --git 
a/apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java
 
b/apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java
index 660d89cb1d..4d4b69b838 100644
--- 
a/apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java
+++ 
b/apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java
@@ -187,6 +187,7 @@ public class FilesystemStorageStrategyImpl implements 
LocalStorageStrategy {
 
    @Override
    public ContainerAccess getContainerAccess(String container) {
+      filesystemContainerNameValidator.validate(container);
       File file = new File(buildPathStartingFromBaseDir(container));
       if (!file.exists()) {
          throw new ContainerNotFoundException(container, "in 
getContainerAccess");
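Review bot: Validation is wired in one method at a time, here in getContainerAccess and likewise in the setContainerAccess, getContainerMetadata, getBlob, getBlobAccess and setBlobAccess hunks below. Any other entry point that builds a path from a container or key therefore depends on having its own validate call; those methods are outside this diff and should be checked. A containment check at the single place where paths are built (presumably `buildPathStartingFromBaseDir` / `getFileForBlobKey`), for example comparing `file.getCanonicalPath()` with the canonical base directory, would cover every caller and would not rely on the validators' string rules. The diffstat also shows no test file, so the rejected names are not pinned by a test. Each of these methods continues outside its hunk.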
@@ -217,6 +218,7 @@ public class FilesystemStorageStrategyImpl implements 
LocalStorageStrategy {
 
    @Override
    public void setContainerAccess(String container, ContainerAccess access) {
+      filesystemContainerNameValidator.validate(container);
       Path path = new File(buildPathStartingFromBaseDir(container)).toPath();
 
       if ( isWindows() ) {
@@ -310,6 +312,7 @@ public class FilesystemStorageStrategyImpl implements 
LocalStorageStrategy {
 
    @Override
    public StorageMetadata getContainerMetadata(String container) {
+      filesystemContainerNameValidator.validate(container);
       MutableStorageMetadata metadata = new MutableStorageMetadataImpl();
       metadata.setName(container);
       metadata.setType(StorageType.CONTAINER);
@@ -378,6 +381,8 @@ public class FilesystemStorageStrategyImpl implements 
LocalStorageStrategy {
 
    @Override
    public Blob getBlob(final String container, final String key) {
+      filesystemContainerNameValidator.validate(container);
+      filesystemBlobKeyValidator.validate(key);
       BlobBuilder builder = blobBuilders.get();
       builder.name(key);
       File file = getFileForBlobKey(container, key);
@@ -658,6 +663,8 @@ public class FilesystemStorageStrategyImpl implements 
LocalStorageStrategy {
 
    @Override
    public BlobAccess getBlobAccess(String containerName, String blobName) {
+      filesystemContainerNameValidator.validate(containerName);
+      filesystemBlobKeyValidator.validate(blobName);
       if (!new File(buildPathStartingFromBaseDir(containerName)).exists()) {
          throw new ContainerNotFoundException(containerName, "in 
getBlobAccess");
       }
@@ -691,6 +698,8 @@ public class FilesystemStorageStrategyImpl implements 
LocalStorageStrategy {
 
    @Override
    public void setBlobAccess(String container, String name, BlobAccess access) 
{
+      filesystemContainerNameValidator.validate(container);
+      filesystemBlobKeyValidator.validate(name);
       Path path = new File(buildPathStartingFromBaseDir(container, 
name)).toPath();
       if ( isWindows() ) {
          try {
