Andrea Cosentino created CAMEL-23868:
----------------------------------------

             Summary: camel-file: make local work directory / starting 
directory containment checks path-boundary aware
                 Key: CAMEL-23868
                 URL: https://issues.apache.org/jira/browse/CAMEL-23868
             Project: Camel
          Issue Type: Improvement
          Components: camel-file
    Affects Versions: 4.21.0
            Reporter: Andrea Cosentino
            Assignee: Andrea Cosentino


The containment checks that keep a resolved file path inside a configured 
directory use a bare string prefix test:

- GenericFileHelper.jailToLocalWorkDirectory (introduced under CAMEL-23765) 
checks compactTarget.startsWith(compactWork).
- GenericFileProducer.jailedCheck uses the same 
compactAnswer.startsWith(compactBaseDir) shape.

A bare startsWith does not respect path-segment boundaries. When the compacted 
directory string has no trailing separator, a sibling directory whose name 
merely extends the configured directory's name (e.g. .../localwork vs 
.../localworkEVIL) still satisfies the prefix test even though it is a 
different directory. In jailToLocalWorkDirectory the work directory comes from 
File.getPath() (no trailing separator), so this edge is reachable; jailedCheck 
currently avoids it only incidentally, because baseDir is always normalized 
with a trailing separator.

Make both checks path-boundary aware so containment no longer depends on the 
incidental presence of a trailing separator:

{code:java}
boolean contained = compactTarget.equals(compactWork)
        || compactTarget.startsWith(compactWork + File.separator);
{code}

Files:
- 
components/camel-file/src/main/java/org/apache/camel/component/file/GenericFileHelper.java
 -- jailToLocalWorkDirectory
- 
components/camel-file/src/main/java/org/apache/camel/component/file/GenericFileProducer.java
 -- jailedCheck

Add a GenericFileHelperTest case for a name-prefixed sibling (e.g. 
../localworkEVIL/file.txt), which the existing ../-only tests do not exercise.

This continues the containment work introduced in CAMEL-23765.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to