[JIRA] [core] (JENKINS-26838) Utility API to check if a file is physically inside a given directory

jgl...@cloudbees.com (JIRA) Thu, 19 Mar 2015 08:04:53 -0700

Does not suffice. First of all, it assumes the child exists, which many legitimate use cases cannot assume. Second, it is buggy:

$ mkdir -p /tmp/basedir && touch /tmp/basedir-attacked && jrunscript -classpath ~/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar -e 'println(org.apache.commons.io.FileUtils.directoryContains(new java.io.File("/tmp/basedir"), new java.io.File("/tmp/basedir-attacked")))'
true

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[JIRA] [core] (JENKINS-26838) Utility API to check if a file is physically inside a given directory

Reply via email to