This is an automated email from the ASF dual-hosted git repository.

janhoy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/main by this push:
     new 963a81d  SOLR-15169 SolrPaths.assertPathAllowed normalization problem 
(#22)
963a81d is described below

commit 963a81de14535139a637d901875c25760d14da8a
Author: AndrĂ¡s Salamon <[email protected]>
AuthorDate: Sun Apr 11 18:22:11 2021 +0200

    SOLR-15169 SolrPaths.assertPathAllowed normalization problem (#22)
---
 solr/CHANGES.txt                                   |  2 ++
 .../java/org/apache/solr/core/CoreContainer.java   | 17 +++++++++++++----
 .../org/apache/solr/core/TestCoreContainer.java    | 22 ++++++++++++++++++++++
 3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index f83b9fd..291fae0 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -242,6 +242,8 @@ Other Changes
 
 * SOLR-15121: Move XSLT (tr param) response writer and update request handler 
to scripting contrib.  (Eric Pugh, David Smiley)
 
+* SOLR-15169: SolrPaths.assertPathAllowed normalization problem (Andras 
Salamon via janhoy)
+
 * SOLR-15292: SignatureUpdateProcessorFactory will fail to initialize if it is 
used in a SolrCloud cluster in a way that is
   known to be problematic with multiple replicas.  (hossman)
 
diff --git a/solr/core/src/java/org/apache/solr/core/CoreContainer.java 
b/solr/core/src/java/org/apache/solr/core/CoreContainer.java
index 0e6126e..88c71f5 100644
--- a/solr/core/src/java/org/apache/solr/core/CoreContainer.java
+++ b/solr/core/src/java/org/apache/solr/core/CoreContainer.java
@@ -43,6 +43,7 @@ import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
 import java.util.concurrent.TimeoutException;
 import java.util.function.Supplier;
+import java.util.stream.Collectors;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
@@ -373,13 +374,13 @@ public class CoreContainer {
             new SolrNamedThreadFactory("replayUpdatesExecutor")));
 
     this.allowPaths = new java.util.HashSet<>();
-    this.allowPaths.add(cfg.getSolrHome());
-    this.allowPaths.add(cfg.getCoreRootDirectory());
+    addToAllowPath(cfg.getSolrHome());
+    addToAllowPath(cfg.getCoreRootDirectory());
     if (cfg.getSolrDataHome() != null) {
-      this.allowPaths.add(cfg.getSolrDataHome());
+      addToAllowPath(cfg.getSolrDataHome());
     }
     if (!cfg.getAllowPaths().isEmpty()) {
-      this.allowPaths.addAll(cfg.getAllowPaths());
+      addAllToAllowPath(cfg.getAllowPaths());
       if (log.isInfoEnabled()) {
         log.info("Allowing use of paths: {}", cfg.getAllowPaths());
       }
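Review bot: The `log.info("Allowing use of paths: {}", cfg.getAllowPaths())` line still prints the values as configured, while the set that is enforced now holds their normalized forms, so an operator auditing the log sees entries such as `/var/solr/../solr` rather than the effective allow-list. Logging the normalized entries (or both forms) would keep the audit trail aligned with what is actually checked, for example `log.info("Allowing use of paths: {}", this.allowPaths);` if it is acceptable for that message to include solr home and the core root as well. The constructor starts and ends outside this hunk, so whether the effective set is logged elsewhere cannot be seen from here.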
@@ -393,6 +394,14 @@ public class CoreContainer {
     }
   }
 
+  private void addToAllowPath(Path path) {
+    this.allowPaths.add(path.normalize());
+  }
+
+  private void addAllToAllowPath(Set<Path> paths) {
+    this.allowPaths.addAll(paths.stream().map( path -> 
path.normalize()).collect(Collectors.toSet()));
+  }
+
   @SuppressWarnings({"unchecked"})
   private synchronized void initializeAuthorizationPlugin(Map<String, Object> 
authorizationConf) {
     authorizationConf = Utils.getDeepCopy(authorizationConf, 4);
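Review bot: `Path.normalize()` in `addToAllowPath` and `addAllToAllowPath` is purely lexical: it collapses `.` and `..` but neither makes a relative entry absolute nor resolves symbolic links, so an allow-list entry that is relative or passes through a symlink is stored as written. The comparison in `assertPathAllowed` is not visible in this hunk; presumably it normalizes the candidate path the same way before matching, and that assumption deserves a comment on the helper, e.g. `/** Stores the lexically normalized path (no symlink resolution, no absolutization); assertPathAllowed must normalize the candidate likewise. */`. As a style point, the lambda can be written `Path::normalize`, or the second helper can simply be `paths.forEach(this::addToAllowPath);`, which would also make the new `Collectors` import unnecessary.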
diff --git a/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java 
b/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java
index 2d408f2..1dc977e 100644
--- a/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java
+++ b/solr/core/src/test/org/apache/solr/core/TestCoreContainer.java
@@ -609,6 +609,28 @@ public class TestCoreContainer extends SolrTestCaseJ4 {
     assertPathBlocked("\\\\unc-server\\share\\path");
   }
 
+  @Test
+  public void assertAllowPathNormalization() throws Exception {
+    Assume.assumeFalse(OS.isFamilyWindows());
+    System.setProperty("solr.allowPaths", "/var/solr/../solr");
+    CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
+    cc.assertPathAllowed(Paths.get("/var/solr/foo"));
+    assertThrows("Path /tmp should not be allowed", SolrException.class, () -> 
{ cc.assertPathAllowed(Paths.get("/tmp")); });
+    cc.shutdown();
+    System.clearProperty("solr.allowPaths");
+  }
+
+  @Test
+  public void assertAllowPathNormalizationWin() throws Exception {
+    Assume.assumeTrue(OS.isFamilyWindows());
+    System.setProperty("solr.allowPaths", "C:\\solr\\..\\solr");
+    CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
+    cc.assertPathAllowed(Paths.get("C:\\solr\\foo"));
+    assertThrows("Path C:\\tmp should not be allowed", SolrException.class, () 
-> { cc.assertPathAllowed(Paths.get("C:\\tmp")); });
+    cc.shutdown();
+    System.clearProperty("solr.allowPaths");
+  }
+
   private static Set<Path> ALLOWED_PATHS = Set.of(Path.of("/var/solr"));
   private static Set<Path> ALLOWED_PATHS_WIN = 
Set.of(Path.of("C:\\var\\solr"));
 
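Review bot: Both new tests set the `solr.allowPaths` system property and create a `CoreContainer`, but the cleanup (`cc.shutdown()` and `System.clearProperty`) runs only if every assertion passes, so a failing assertion leaks a permissive property and a live container into later tests. Wrapping the body in try/finally, as sketched below for `assertAllowPathNormalization`, fixes this; `assertAllowPathNormalizationWin` needs the same change. The tests also cover only a `..` inside the configured entry; a case where the candidate path itself contains `..` segments leading out of the allowed root would pin the other half of the normalization contract, unless an existing test outside this hunk already does so.

```java
  @Test
  public void assertAllowPathNormalization() throws Exception {
    Assume.assumeFalse(OS.isFamilyWindows());
    System.setProperty("solr.allowPaths", "/var/solr/../solr");
    try {
      CoreContainer cc = init(ALLOW_PATHS_SOLR_XML);
      try {
        // … unchanged: the assertPathAllowed and assertThrows checks …
      } finally {
        cc.shutdown();
      }
    } finally {
      System.clearProperty("solr.allowPaths");
    }
  }
```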
