mirrors/onos
1
0
Fork 0
mirror of https://github.com/opennetworkinglab/onos.git synced 2025-12-27 20:22:09 +01:00
Code Issues Projects Releases Wiki Activity

Fix for OS-13 - don't allow app pathnames to leave the app root

Browse Source 
Change-Id: I6bb7be6df8be3dced903f72cef4600532cb118a3
(cherry picked from commit 10e606aab45365b15f2533e0e92d5047ac6a84fe)
This commit is contained in:
Ray Milkey 2018-07-08 10:06:19 -07:00 committed by Thomas Vachuska
parent 5b66ce0da3
commit 4b19da6ce9
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java
View File

@ -233,13 +233,17 @@ public class ApplicationArchive
return new String(bytes, 0, Math.min(bytes.length, length), StandardCharsets.UTF_8);
}
private String filterAppNameForFilesystem(String name) {
return name.replace("/", "^");
}
/**
* Purges the application archive directory.
*
* @param appName application name
*/
public synchronized void purgeApplication(String appName) {
File appDir = new File(appsDir, appName);
File appDir = new File(appsDir, filterAppNameForFilesystem(appName));
try {
Tools.removeDirectory(appDir);
} catch (IOException e) {
@ -353,7 +357,7 @@ public class ApplicationArchive
boolean isSelfContained = false;
ZipInputStream zis = new ZipInputStream(stream);
ZipEntry entry;
File appDir = new File(appsDir, desc.name());
File appDir = new File(appsDir, filterAppNameForFilesystem(desc.name()));
while ((entry = zis.getNextEntry()) != null) {
if (!entry.isDirectory()) {
byte[] data = ByteStreams.toByteArray(zis);
@ -437,7 +441,7 @@ public class ApplicationArchive
private void saveApplication(InputStream stream, ApplicationDescription desc,
boolean isSelfContainedJar)
throws IOException {
String name = desc.name() + (isSelfContainedJar ? JAR : OAR);
String name = filterAppNameForFilesystem(desc.name()) + (isSelfContainedJar ? JAR : OAR);
Files.write(toByteArray(stream), appFile(desc.name(), name));
}
@ -499,7 +503,7 @@ public class ApplicationArchive
// Returns the name of the file located under the specified app directory.
private File appFile(String appName, String fileName) {
return new File(new File(appsDir, appName), fileName);
return new File(new File(appsDir, filterAppNameForFilesystem(appName)), fileName);
}
// Returns the icon file located under the specified app directory.