This repository has been archived by the owner on Feb 23, 2024. It is now read-only.

🚀 | Normalize use of files IO & prevent path traversal #1198

Open
bessonm opened this issue Dec 7, 2023 · 0 comments
Labels
enhancement New feature or request


bessonm commented Dec 7, 2023

Describe your use case

  1. There are many places doing file IO. Some are wrapped by com.chutneytesting.tools.file.FileUtils in module tools. But some are not.
  2. Prevent path traversal

Is your feature request related to a problem?

No response

Describe the solution you'd like

If possible, wrap everything under FileUtils, add tests for this class and handle path traversal in it.

Most of the time, we know the path in which we are working. So a simple idea to prevent path traversal should be to check the parent path against the expected parent.
Something like:

```java
Paths.get(STORE_PATH + File.separator + USER_INPUT_PART).normalize().getParent().equals(Paths.get(STORE_PATH).normalize())
```

Link to examples

No response

@bessonm bessonm added the enhancement New feature or request label Dec 7, 2023
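
The parent-path check proposed in the issue, written out as an added example (not Chutney's code or the issue author's; the class `SafePaths` and its method names are hypothetical). It goes one step beyond the issue by also showing a variant that permits sub-directories, and it uses `Path.resolve` rather than string concatenation.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example: hypothetical helper, not Chutney's FileUtils.
public final class SafePaths {

    private SafePaths() {}

    /** Strict form of the check in the issue: the result must be a direct child of storePath. */
    static Path resolveDirectChild(Path storePath, String userInput) {
        Path base = storePath.toAbsolutePath().normalize();
        Path candidate = base.resolve(userInput).normalize();
        // resolve() returns userInput itself when it is absolute, so the parent test rejects that too.
        // getParent() may be null (filesystem root); base.equals(null) is false, so it is rejected.
        if (!base.equals(candidate.getParent())) {
            throw new SecurityException("Not a direct child of the store: " + userInput);
        }
        return candidate;
    }

    /** Generalisation: allow sub-directories, still refuse anything outside storePath. */
    static Path resolveWithin(Path storePath, String userInput) {
        Path base = storePath.toAbsolutePath().normalize();
        Path candidate = base.resolve(userInput).normalize();
        // Path.startsWith compares whole name elements, so ".../store-evil" does not match ".../store".
        if (candidate.equals(base) || !candidate.startsWith(base)) {
            throw new SecurityException("Path escapes the store: " + userInput);
        }
        return candidate;
    }

    public static void main(String[] args) {
        Path store = Paths.get("data", "store"); // constructed sample store path
        // Constructed sample inputs: two legitimate names, three traversal attempts.
        String[] inputs = {"report.json", "sub/report.json", "../secret.txt",
                           "sub/../../secret.txt", "../store-evil/x"};
        for (String input : inputs) {
            for (boolean strict : new boolean[] {true, false}) {
                String label = strict ? "direct-child" : "within      ";
                try {
                    Path p = strict ? resolveDirectChild(store, input) : resolveWithin(store, input);
                    System.out.println(label + " OK     " + input + " -> " + p);
                } catch (SecurityException | InvalidPathException e) {
                    System.out.println(label + " REJECT " + input);
                }
            }
        }
    }
}
```

`normalize()` is purely lexical and does not follow symbolic links, so a store directory that can contain symlinks also needs a comparison of `toRealPath()` results before the file is opened.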