summaryrefslogtreecommitdiffstats
path: root/utils/provider/src
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2020-10-19 10:05:16 -0400
committerDan Timoney <dtimoney@att.com>2020-10-19 10:05:16 -0400
commitc72e5c56a6c05d3dd8acb71ff4525be4d6af7173 (patch)
treec7de478da9e54a5f2f0a6a3b4f436c8c818f17a2 /utils/provider/src
parentec2cdff3f96e7587c97b6fc9961fb108cf9c7e29 (diff)
Add file path validation
Add file path validation for EnvVarFileResolver. Refactored PathValidator to org.onap.ccsdk.sli.core.utils so it can be used here. Change-Id: Ibb50df0ad020cf376c1ce20e7b598f7ad7223d48 Issue-ID: CCSDK-2918 Signed-off-by: Dan Timoney <dtimoney@att.com>
Diffstat (limited to 'utils/provider/src')
-rwxr-xr-xutils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java2
-rw-r--r--utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java17
2 files changed, 18 insertions, 1 deletions
diff --git a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java
index 669b3992b..29d35d6ef 100755
--- a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java
+++ b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java
@@ -62,7 +62,7 @@ public abstract class EnvVarFileResolver implements PropertiesFileResolver {
final File fileFromEnvVariable;
if (!Strings.isNullOrEmpty(propDirectoryFromEnvVariable)) {
fileFromEnvVariable = Paths.get(propDirectoryFromEnvVariable).resolve(filename).toFile();
- if(fileFromEnvVariable.exists()) {
+ if(PathValidator.isValidFilePath(fileFromEnvVariable.getAbsolutePath()) && fileFromEnvVariable.exists()) {
return Optional.of(fileFromEnvVariable);
}
}
diff --git a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java
new file mode 100644
index 000000000..973525019
--- /dev/null
+++ b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java
@@ -0,0 +1,17 @@
+package org.onap.ccsdk.sli.core.utils;
+import java.util.regex.Pattern;
+
+public class PathValidator {
+ public static boolean isValidXmlPath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.xml$");
+ return (allowList.matcher(path).matches());
+ }
+ public static boolean isValidPropertiesPath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.properties$");
+ return (allowList.matcher(path).matches());
+ }
+ public static boolean isValidFilePath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+");
+ return (allowList.matcher(path).matches());
+ }
+}