fallintoplace opened a new issue, #333:
URL: https://github.com/apache/paimon-rust/issues/333
## Bug
`FileSystemCatalog` builds database and table paths from raw database and
object names. Names containing path-control segments such as `..`, `/`, or `\`
can make catalog operations derive paths outside the intended warehouse
namespace on local filesystem storage.
## Impact
Catalog operations such as create/drop/rename database or table can run
filesystem operations on paths derived from unsafe identifier input.
## Reproduction
Using a local filesystem warehouse:
1. Create a filesystem catalog with a warehouse under a temporary directory.
2. Call `create_database("../escaped", false, HashMap::new())`.
3. Observe that `escaped.db` is created next to the warehouse instead of
under it.
A table object name such as `../../table_escape` can similarly escape the
database directory.
## Expected behavior
Filesystem catalog identifiers should reject path-control names before path
construction. At minimum, empty/whitespace-only names, `.`, `..`, path
separators, and control characters should be rejected with `IdentifierInvalid`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
