Add code to validate path names.

Added code to validate path names to avoid possible attacks due to hidden/special characters and/or embedded new lines. Change-Id: I53d7266e44fbada1d9d5f458dfcdbc452801672c Issue-ID: CCSDK-2918 Signed-off-by: Dan Timoney <dtimoney@att.com>
author: Dan Timoney <dtimoney@att.com> 2020-10-16 11:22:11 -0400
committer: Dan Timoney <dtimoney@att.com> 2020-10-16 15:17:17 -0400
commit: ec2cdff3f96e7587c97b6fc9961fb108cf9c7e29 (patch)
tree: 49bcb281a63e499347c70a2fbe1b7a3feab408b2 /sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java
parent: 368939e5f285dafeec594d58ba74c5bba0cc20d1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java
index b73925dd..f682bb52 100644
--- a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java
+++ b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java
@@ -35,6 +35,9 @@ public class SvcLogicStoreFactory {
 
 	public static SvcLogicStore getSvcLogicStore(String propfile)
 			throws SvcLogicException {
+		if (!PathValidator.isValidPropertiesPath(propfile)) {
+			throw new ConfigurationException("Invalid property file name ("+propfile+")");
+		}
 		File propFile = new File(propfile);
 		if (!propFile.canRead()) {
 			throw new ConfigurationException("Cannot read property file "
author	Dan Timoney <dtimoney@att.com>	2020-10-16 11:22:11 -0400
committer	Dan Timoney <dtimoney@att.com>	2020-10-16 15:17:17 -0400
commit	ec2cdff3f96e7587c97b6fc9961fb108cf9c7e29 (patch)
tree	49bcb281a63e499347c70a2fbe1b7a3feab408b2 /sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java
parent	368939e5f285dafeec594d58ba74c5bba0cc20d1 (diff)