From c72e5c56a6c05d3dd8acb71ff4525be4d6af7173 Mon Sep 17 00:00:00 2001
From: Dan Timoney
Date: Mon, 19 Oct 2020 10:05:16 -0400
Subject: Add file path validation

Add file path validation for EnvVarFileResolver. Refactored PathValidator to org.onap.ccsdk.sli.core.utils so it can be used here.
Change-Id: Ibb50df0ad020cf376c1ce20e7b598f7ad7223d48
Issue-ID: CCSDK-2918
Signed-off-by: Dan Timoney
---
 .gitignore | 1 +
 .../org/onap/ccsdk/sli/core/sli/CheckSumHelper.java | 2 ++
 .../org/onap/ccsdk/sli/core/sli/PathValidator.java | 18 ------------------
 .../org/onap/ccsdk/sli/core/sli/SvcLogicParser.java | 1 +
 .../onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java | 1 +
 .../ccsdk/sli/core/sli/recording/FileRecorder.java | 2 +-
 .../onap/ccsdk/sli/core/utils/EnvVarFileResolver.java | 2 +-
 .../org/onap/ccsdk/sli/core/utils/PathValidator.java | 17 +++++++++++++++++
 8 files changed, 24 insertions(+), 20 deletions(-)
 delete mode 100644 sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/PathValidator.java
 create mode 100644 utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java
diff --git a/.gitignore b/.gitignore
index 610f8902..5a221b0f 100755
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ org.eclipse.core.resources.prefs
 .checkstyle
 maven-eclipse.xml
 workspace
+.vscode
 ## Compilation Files ##
 *.class
diff --git a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/CheckSumHelper.java b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/CheckSumHelper.java
index 2f1f466c..9283cf65 100644
--- a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/CheckSumHelper.java
+++ b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/CheckSumHelper.java
@@ -28,6 +28,8 @@ import java.nio.file.Paths;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import org.onap.ccsdk.sli.core.utils.PathValidator;
+
 import javax.xml.bind.DatatypeConverter;
 public class CheckSumHelper {
diff --git a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/PathValidator.java b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/PathValidator.java
deleted file mode 100644
index 511dbca7..00000000
--- a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/PathValidator.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package org.onap.ccsdk.sli.core.sli;
-
-import java.util.regex.Pattern;
-
-public class PathValidator {
- public static boolean isValidXmlPath(String path) {
- Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.xml$");
- return (allowList.matcher(path).matches());
- }
- public static boolean isValidPropertiesPath(String path) {
- Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.properties$");
- return (allowList.matcher(path).matches());
- }
- public static boolean isValidFilePath(String path) {
- Pattern allowList = Pattern.compile("[-\\w/\\/]+");
- return (allowList.matcher(path).matches());
- }
-}
diff --git a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java
index cb78ac2e..adec7b27 100644
--- a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java
+++ b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicParser.java
@@ -35,6 +35,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.*;
 import org.xml.sax.helpers.DefaultHandler;
+import org.onap.ccsdk.sli.core.utils.PathValidator;
 /**
 * @author dt5972
diff --git a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java
index f682bb52..e0eb5730 100644
--- a/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java
+++ b/sli/common/src/main/java/org/onap/ccsdk/sli/core/sli/SvcLogicStoreFactory.java
@@ -26,6 +26,7 @@ import java.io.FileInputStream;
 import java.io.InputStream;
 import java.util.Properties;
 import org.onap.ccsdk.sli.core.dblib.DBResourceManager;
+import org.onap.ccsdk.sli.core.utils.PathValidator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/sli/provider-base/src/main/java/org/onap/ccsdk/sli/core/sli/recording/FileRecorder.java b/sli/provider-base/src/main/java/org/onap/ccsdk/sli/core/sli/recording/FileRecorder.java
index ab6f8bcc..7d690e74 100644
--- a/sli/provider-base/src/main/java/org/onap/ccsdk/sli/core/sli/recording/FileRecorder.java
+++ b/sli/provider-base/src/main/java/org/onap/ccsdk/sli/core/sli/recording/FileRecorder.java
@@ -33,7 +33,7 @@ import java.util.Map;
 import java.util.TimeZone;
 import org.onap.ccsdk.sli.core.sli.ConfigurationException;
-import org.onap.ccsdk.sli.core.sli.PathValidator;
+import org.onap.ccsdk.sli.core.utils.PathValidator;
 import org.onap.ccsdk.sli.core.sli.SvcLogicException;
 import org.onap.ccsdk.sli.core.sli.SvcLogicRecorder;
diff --git a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java
index 669b3992..29d35d6e 100755
--- a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java
+++ b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/EnvVarFileResolver.java
@@ -62,7 +62,7 @@ public abstract class EnvVarFileResolver implements PropertiesFileResolver {
 final File fileFromEnvVariable;
 if (!Strings.isNullOrEmpty(propDirectoryFromEnvVariable)) {
 fileFromEnvVariable = Paths.get(propDirectoryFromEnvVariable).resolve(filename).toFile();
- if(fileFromEnvVariable.exists()) {
+ if(PathValidator.isValidFilePath(fileFromEnvVariable.getAbsolutePath()) && fileFromEnvVariable.exists()) {
 return Optional.of(fileFromEnvVariable);
 }
 }
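Review bot: The new guard in the `if` of the environment-variable branch calls `PathValidator.isValidFilePath`, whose pattern `[-\\w/\\/]+` has no `.` in its character class, so any resolved path with an extension (for example one ending in `.properties`) fails validation and the branch falls through without a log line. The check is also only a character allowlist: `Paths.get(dir).resolve(filename)` yields `filename` itself when it is absolute, so nothing confines the result to the directory named by the environment variable. I would normalize both paths, require `startsWith` on the base directory, and use `isValidPropertiesPath` if this resolver only ever serves `.properties` files (not visible here, so confirm). The enclosing method starts and ends outside the hunk, and the rewrite below needs `java.nio.file.Path` in scope.

```java
// … unchanged: declaration of fileFromEnvVariable and the isNullOrEmpty check …
final Path baseDir = Paths.get(propDirectoryFromEnvVariable).toAbsolutePath().normalize();
final Path candidate = baseDir.resolve(filename).normalize();
fileFromEnvVariable = candidate.toFile();
// Containment first, then the character allowlist, then existence.
if (candidate.startsWith(baseDir)
        && PathValidator.isValidPropertiesPath(candidate.toString())
        && fileFromEnvVariable.exists()) {
    return Optional.of(fileFromEnvVariable);
}
```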
diff --git a/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java
new file mode 100644
index 00000000..97352501
--- /dev/null
+++ b/utils/provider/src/main/java/org/onap/ccsdk/sli/core/utils/PathValidator.java
@@ -0,0 +1,17 @@
+package org.onap.ccsdk.sli.core.utils;
+import java.util.regex.Pattern;
+
+public class PathValidator {
+ public static boolean isValidXmlPath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.xml$");
+ return (allowList.matcher(path).matches());
+ }
+ public static boolean isValidPropertiesPath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+\\.properties$");
+ return (allowList.matcher(path).matches());
+ }
+ public static boolean isValidFilePath(String path) {
+ Pattern allowList = Pattern.compile("[-\\w/\\/]+");
+ return (allowList.matcher(path).matches());
+ }
+}
-- cgit 1.2.3-korg
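Review bot: The relocated `PathValidator` has no Javadoc saying what each allowlist accepts, and callers now outside the original package need that: `isValidFilePath` rejects every path containing `.`, `:` or `\`, and none of the three methods checks which directory the path lies in. I would add a class comment along the lines of `/** Character allowlist for file paths: word characters, '-' and '/' only; does not check containment or resolve symlinks. */`. Two smaller points: a null `path` throws `NullPointerException` from `matcher`, and each call recompiles its pattern, which a constant such as `private static final Pattern FILE_PATH = Pattern.compile("[-\\w/]+");` would avoid (the `\\/` in the character class duplicates `/`).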