This is an automated email from the ASF dual-hosted git repository.
aajisaka pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new 6d844ea02e Normalize local path in Kyuubi server
6d844ea02e is described below
commit 6d844ea02ef810543dfaf169ac7a49a54c0a846b
Author: Akira Ajisaka <[email protected]>
AuthorDate: Thu Dec 18 11:04:51 2025 +0900
Normalize local path in Kyuubi server
Authored-by: Hiroki Egawa <[email protected]>
Signed-off-by: Akira Ajisaka <[email protected]>
---
.../scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala | 4 ++--
.../org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala | 7 +++++++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git
a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
index 763bea1f93..ee4c4d44e8 100644
---
a/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
+++
b/kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala
@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine
import java.io.File
import java.net.{URI, URISyntaxException}
-import java.nio.file.{Files, Path}
+import java.nio.file.{Files, Path, Paths}
import java.util.Locale
import scala.util.control.NonFatal
@@ -163,7 +163,7 @@ object KyuubiApplicationManager {
s"Relative path ${uri.getPath} is not allowed, please use absolute
path.")
}
- if (!localDirAllowList.exists(uri.getPath.startsWith(_))) {
+ if
(!localDirAllowList.exists(Paths.get(uri.getPath).normalize.startsWith(_))) {
throw new KyuubiException(
s"The file ${uri.getPath} to access is not in the local dir allow
list" +
s" [${localDirAllowList.mkString(",")}].")
diff --git
a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala
b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala
index 0f54520fc7..4fbc8874a6 100644
---
a/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala
+++
b/kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala
@@ -38,6 +38,13 @@ class KyuubiApplicationManagerSuite extends KyuubiFunSuite {
assert(e.getMessage.contains("is not in the local dir allow list"))
KyuubiApplicationManager.checkApplicationAccessPath(path,
noLocalDirLimitConf)
+ path = "/apache/kyuubi/../a.jar"
+ e = intercept[KyuubiException] {
+ KyuubiApplicationManager.checkApplicationAccessPath(path,
localDirLimitConf)
+ }
+ assert(e.getMessage.contains("is not in the local dir allow list"))
+ KyuubiApplicationManager.checkApplicationAccessPath(path,
noLocalDirLimitConf)
+
path = "hdfs:/apache/kyuubijar"
KyuubiApplicationManager.checkApplicationAccessPath(path,
localDirLimitConf)
KyuubiApplicationManager.checkApplicationAccessPath(path,
noLocalDirLimitConf)
