[cp-patches] RFC: Checking file resource validity by walking path components

Gary Benson gbenson at redhat.com
Thu Mar 9 13:50:49 UTC 2006


Olivier Jolly wrote:
> the current implementation which retrieves a File resource allows
> retrieving Files which are located "above" the root dir (imagine
> ClassLoader.getResource("../../../etc/passwd")) while it shouldn't
> (hence the current regression in
> gnu.testlet.java.net.URLClassLoader.getResource about '..').

Well spotted :)

> I propose to check the validity of a File resource by walking through
> all the path components and making sure that all intermediate components
> are valid (i.e. File.isDirectory and File.exists are true) and that we
> never try to get "out" of the root directory.

What you describe is mostly implemented in File.getCanonicalPath().
A fix for your issue might be as simple as:

  String base = new File(ROOT).getCanonicalPath() + File.separator;
  String resource = new File(ROOT, RESOURCE).getCanonicalPath();
  if (!resource.startsWith(base))
    throw new Whatever();

where ROOT and RESOURCE are the classloader root and the resource
you're after, respectively.
    
> I only consider ".." as a way of escaping the root directory, it
> may be more complex than that ...

There are symbolic links to consider too. File.getCanonicalPath()
should handle them.

Cheers,
Gary
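
Added example, not part of the original post or of GNU Classpath: the canonical-path check sketched above as a runnable Java program, exercised against a constructed temporary directory. The class name, the `resolve` helper and the file layout are assumptions for illustration; java.nio.file (Java 7+) is used only to build the layout.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

public class ResourceContainment {
    // Hypothetical helper: resolve 'resource' under 'root', or return null
    // when the canonical result lies outside the canonical root.
    static File resolve(File root, String resource) throws IOException {
        String base = root.getCanonicalPath() + File.separator;
        File candidate = new File(root, resource).getCanonicalFile();
        // The trailing separator on 'base' keeps ".../root-old" from
        // passing as a prefix match for root ".../root".
        return candidate.getPath().startsWith(base) ? candidate : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/root/pkg/A.class and <tmp>/root-old/secret.txt
        Path tmp = Files.createTempDirectory("cl-demo");
        Path root = tmp.resolve("root");
        Files.createDirectories(root.resolve("pkg"));
        Files.createFile(root.resolve("pkg").resolve("A.class"));
        Path sibling = Files.createDirectories(tmp.resolve("root-old"));
        Files.createFile(sibling.resolve("secret.txt"));

        List<String> requests = new ArrayList<>();
        requests.add("pkg/A.class");            // plainly inside root
        requests.add("pkg/../pkg/A.class");     // ".." that stays inside root
        requests.add("../root-old/secret.txt"); // ".." into a sibling sharing root's name prefix
        try {
            // Symlink inside root whose target is outside it.
            Files.createSymbolicLink(root.resolve("link"), sibling);
            requests.add("link/secret.txt");
        } catch (IOException | UnsupportedOperationException e) {
            System.out.println("(symlink case skipped: " + e + ")");
        }

        for (String r : requests) {
            File f = resolve(root.toFile(), r);
            System.out.println(r + " -> " + (f == null ? "REJECTED" : f.getPath()));
        }
    }
}
```

The first two requests resolve to the same file under root; the sibling-directory and symlink requests are rejected.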


