This is an automated email from the ASF dual-hosted git repository.

yamer pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-drools.git


The following commit(s) were added to refs/heads/main by this push:
     new 43f758ddd6 [incubator-kie-issues#2265] fix path traversal issue (#6615)
43f758ddd6 is described below

commit 43f758ddd62604048d64b10f8fa32616cc696f52
Author: AthiraHari77 <[email protected]>
AuthorDate: Fri Mar 6 15:51:54 2026 +0530

    [incubator-kie-issues#2265] fix path traversal issue (#6615)
    
    Co-authored-by: athira <[email protected]>
---
 .../src/main/java/org/kie/maven/plugin/DiskResourceStore.java  | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git 
a/kie-maven-plugin/src/main/java/org/kie/maven/plugin/DiskResourceStore.java 
b/kie-maven-plugin/src/main/java/org/kie/maven/plugin/DiskResourceStore.java
index 1d6a7ff920..2900dbe54b 100644
--- a/kie-maven-plugin/src/main/java/org/kie/maven/plugin/DiskResourceStore.java
+++ b/kie-maven-plugin/src/main/java/org/kie/maven/plugin/DiskResourceStore.java
@@ -18,6 +18,7 @@
  */
 package org.kie.maven.plugin;
 
+import org.drools.util.PathUtils;
 import org.drools.util.PortablePath;
 import org.kie.memorycompiler.resources.ResourceStore;
 
@@ -25,7 +26,6 @@ import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.Paths;
 
 public class DiskResourceStore implements ResourceStore {
 
@@ -77,7 +77,7 @@ public class DiskResourceStore implements ResourceStore {
 
     private void commonWrite(String fullPath, byte[] pResourceData, boolean 
createFolder) {
         try {
-            final Path path = Paths.get(fullPath).normalize();
+            final Path path = PathUtils.getSecuredPath(root.toPath(), 
fullPath);
             if (createFolder) {
                 final Path parentPath = path.getParent();
                 if (parentPath != null) {
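Review bot: The argument passed to `PathUtils.getSecuredPath(root.toPath(), fullPath)` is named `fullPath`, which suggests the callers (outside this hunk) have already joined it with `root`, yet nothing here or in the `commonRead` and `commonRemove` hunks says how the helper treats an absolute or already-rooted string. Please confirm it rejects anything that normalizes outside `root` rather than silently re-rooting it, and that `root.toPath()` is compared in the same absolute, normalized form. Routing the three call sites through one private helper would let that contract be documented once, e.g. `// fullPath may already include root; the result stays under root or the call throws`. The diffstat shows a single file changed, so a regression test that feeds a `../` resource name through write, read and remove is still missing; `commonWrite` itself continues past the end of this hunk.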
@@ -92,7 +92,8 @@ public class DiskResourceStore implements ResourceStore {
 
     private byte[] commonRead(String fullPath) {
         try {
-            return Files.readAllBytes(Paths.get(fullPath).normalize());
+            final Path path = PathUtils.getSecuredPath(root.toPath(), 
fullPath);
+            return Files.readAllBytes(path);
         } catch (IOException e) {
             throw new RuntimeException(e);
         }
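Review bot: `Files.readAllBytes(path)` follows symbolic links, so if the check inside `getSecuredPath` (not shown in this diff) is purely lexical, a link located under `root` that points elsewhere would still be read. If the store directory can contain entries the plugin did not create, compare real paths before reading, e.g. `if (!path.toRealPath().startsWith(root.toPath().toRealPath())) throw new IOException("resolved outside store root");`. The same consideration applies to the write in `commonWrite`, where the target may not exist yet and the parent directory would have to be checked instead.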
@@ -100,7 +101,8 @@ public class DiskResourceStore implements ResourceStore {
 
     private void commonRemove(String fullPath) {
         try {
-            Files.deleteIfExists(Paths.get(fullPath).normalize());
+            final Path path = PathUtils.getSecuredPath(root.toPath(), 
fullPath);
+            Files.deleteIfExists(path);
         } catch (IOException e) {
             throw new RuntimeException(e);
         }
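Review bot: A containment check normally accepts the base directory itself, so a `fullPath` that resolves to `root` (for instance from an empty resource name upstream) would reach `Files.deleteIfExists(path)` and remove the store directory when it is empty. Whether `getSecuredPath` already rejects that case is not visible here. If it does not, a guard such as `if (path.equals(root.toPath().toAbsolutePath().normalize())) return;` before the delete, plus a one-line Javadoc on `commonRemove` stating that the root is never deleted, would make the intent explicit.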

