xufengnian edited a comment on pull request #4282:
URL: https://github.com/apache/zeppelin/pull/4282#issuecomment-1023970671


   Are you sure this way can really delete the Zeppelin application directory?
   I just tried the same way in Zeppelin 0.9.0 with Docker, but it cannot delete any
directory.
   As this log shows, any id from the REST request will be deleted, but the function
`FileUtils.deleteDirectory` seems unable to delete a directory that is in use.
   
![image](https://user-images.githubusercontent.com/15324125/151507952-e2ab13e8-5271-4c3a-9fc5-87027bb9b4cd.png)
   By the way, if you only check whether the id contains "..", an attacker may try to use
"%2e%2e", so it's useless.
   
![image](https://user-images.githubusercontent.com/15324125/151508934-3b926260-68c6-4ae7-a626-0b173aeffc7f.png)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
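
An added example, not part of the original comment or of the Zeppelin code base, of validating a request-supplied id by resolving it under a base directory and checking the normalized result, instead of searching the string for "..". The class name, `resolveChild`, and the sample ids are hypothetical, and decoding the id once before the check is an assumption about how the value arrives.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical class, not Zeppelin code.
public class SafeChildDir {
    // Map a request-supplied id to a directory directly under baseDir, or throw.
    static Path resolveChild(Path baseDir, String rawId) {
        // Assumption: the id may still be percent-encoded when it arrives.
        // Decode once so "%2e%2e" is judged in the same form as "..".
        String id = URLDecoder.decode(rawId, StandardCharsets.UTF_8);
        if (id.isEmpty() || id.contains("/") || id.contains("\\") || id.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("id must be a single path segment");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(id).normalize();
        // Check containment on the normalized path, not on the raw string:
        // "." and ".." both normalize to something whose parent is not base.
        if (!base.equals(target.getParent())) {
            throw new IllegalArgumentException("id does not name a child of the base directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("apps"); // constructed sample base
        // Constructed sample ids: one plain name, then traversal attempts.
        String[] ids = {"app_1234", "..", "%2e%2e", ".", "a/../../b", "%2e%2e%2fconf"};
        for (String id : ids) {
            try {
                System.out.println(id + " -> " + resolveChild(base, id));
            } catch (IllegalArgumentException e) {
                System.out.println(id + " -> rejected: " + e.getMessage());
            }
        }
        Files.delete(base);
    }
}
```

`normalize()` is purely syntactic and does not follow symbolic links; a caller that must also rule out links inside the base directory would compare `toRealPath()` results instead.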
