dsmiley commented on code in PR #146:
URL: https://github.com/apache/solr/pull/146#discussion_r1040336243
##########
solr/core/src/java/org/apache/solr/core/FileSystemConfigSetService.java:
##########
@@ -287,9 +287,11 @@ public Long getCurrentSchemaModificationVersion(
}
protected Path getConfigDir(String configName) throws IOException {
- String configSetDirPath = configSetBase.toFile().getCanonicalPath() +
File.separator;
- String path = Paths.get(configSetBase.toString(),
configName).toFile().getCanonicalPath();
- if (!path.startsWith(configSetDirPath)) {
+ String path =
+ Paths.get(configSetBase.toString(), FilenameUtils.getName(configName))
+ .toFile()
+ .getCanonicalPath();
+ if (!path.endsWith(configName)) {
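Review bot: The `endsWith(configName)` test on the last added line does not establish that the resolved path stays under configSetBase, which the removed `startsWith(configSetDirPath)` test did. It is a character-suffix comparison against the caller's own input, and because the path is built from `FilenameUtils.getName(configName)` it only holds when configName has no directory part. Since `getCanonicalPath()` resolves symbolic links, a result outside the base still passes as long as its last component matches. Consider keeping the comparison against the canonical configSetBase plus `File.separator`.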
Review Comment:
Don't we want to check that the path *startsWith* the configSetBase? I
don't think we should care what it ends with. Otherwise we could read a path
like "../../../somewhereElse/configName" that the caller shouldn't have access
to.
##########
solr/core/src/java/org/apache/solr/core/FileSystemConfigSetService.java:
##########
@@ -287,9 +287,11 @@ public Long getCurrentSchemaModificationVersion(
}
protected Path getConfigDir(String configName) throws IOException {
- String configSetDirPath = configSetBase.toFile().getCanonicalPath() +
File.separator;
- String path = Paths.get(configSetBase.toString(),
configName).toFile().getCanonicalPath();
- if (!path.startsWith(configSetDirPath)) {
+ String path =
+ Paths.get(configSetBase.toString(), FilenameUtils.getName(configName))
+ .toFile()
+ .getCanonicalPath();
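Review bot: The added expression goes from Path to String to File to a canonical String (`Paths.get(configSetBase.toString(), ...).toFile().getCanonicalPath()`) inside a method declared to return Path, so the String presumably has to be converted back afterwards. `getCanonicalPath()` also touches the file system and resolves symbolic links. If that is the intent, a short comment saying so would help; if only `..` segments need collapsing, `configSetBase.resolve(...).normalize()` stays within the Path API.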
Review Comment:
Why getCanonicalPath?
##########
solr/core/src/java/org/apache/solr/core/FileSystemConfigSetService.java:
##########
@@ -287,9 +287,11 @@ public Long getCurrentSchemaModificationVersion(
}
protected Path getConfigDir(String configName) throws IOException {
- String configSetDirPath = configSetBase.toFile().getCanonicalPath() +
File.separator;
- String path = Paths.get(configSetBase.toString(),
configName).toFile().getCanonicalPath();
- if (!path.startsWith(configSetDirPath)) {
+ String path =
+ Paths.get(configSetBase.toString(), FilenameUtils.getName(configName))
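Review bot: `FilenameUtils.getName(configName)` on the added line silently rewrites the caller's input rather than rejecting it: any directory part is dropped, so two different configName values with the same last component resolve to the same directory under configSetBase. If names with a directory part are not allowed, fail explicitly with an error; if they are allowed, resolve the full name and verify containment instead of stripping it.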
Review Comment:
If configName were "foo/bar", there shouldn't be anything fundamentally
wrong with that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.