diff options
| author |   Dan Timoney <dtimoney@att.com> | 2020-10-19 10:05:16 -0400 |
|---|---|---|
| committer | Dan Timoney <dtimoney@att.com> | 2020-10-19 10:05:16 -0400 |
| commit | c72e5c56a6c05d3dd8acb71ff4525be4d6af7173 (patch) | |
| tree | c7de478da9e54a5f2f0a6a3b4f436c8c818f17a2 /utils | |
| parent | ec2cdff3f96e7587c97b6fc9961fb108cf9c7e29 (diff) | |
Add file path validation
Add file path validation for EnvVarFileResolver. Refactored
PathValidator to org.onap.ccsdk.sli.core.utils so it can be used here.
Change-Id: Ibb50df0ad020cf376c1ce20e7b598f7ad7223d48
Issue-ID: CCSDK-2918
Signed-off-by: Dan Timoney <dtimoney@att.com>
Diffstat (limited to 'utils')
| -rwxr-xr-x | utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java | 2 | ||||
| -rw-r--r-- | utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java | 17 |
2 files changed, 18 insertions, 1 deletions
diff --git a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java index 669b3992b..29d35d6ef 100755 --- a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java +++ b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java @@ -62,7 +62,7 @@ public abstract class EnvVarFileResolver implements PropertiesFileResolver { final File fileFromEnvVariable; if (!Strings.isNullOrEmpty(propDirectoryFromEnvVariable)) { fileFromEnvVariable = Paths.get(propDirectoryFromEnvVariable).resolve(filename).toFile(); - if(fileFromEnvVariable.exists()) { + if(PathValidator.isValidFilePath(fileFromEnvVariable.getAbsolutePath()) && fileFromEnvVariable.exists()) { return Optional.of(fileFromEnvVariable); } } diff --git a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java new file mode 100644 index 000000000..973525019 --- /dev/null +++ b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java @@ -0,0 +1,17 @@ +package org.onap.ccsdk.sli.core.utils; +import java.util.regex.Pattern; + +public class PathValidator { + public static boolean isValidXmlPath(String path) { + Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.xml$"); + return (allowList.matcher(path).matches()); + } + public static boolean isValidPropertiesPath(String path) { + Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.properties$"); + return (allowList.matcher(path).matches()); + } + public static boolean isValidFilePath(String path) { + Pattern allowList = Pattern.compile("[-\\w/\\/]+"); + return (allowList.matcher(path).matches()); + } +} |