diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2021-01-14 15:24:37 -0500 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2021-01-14 15:56:22 -0500 |
commit | e72afd705e3e575161db480adc8fbc4ff71ba2b9 (patch) | |
tree | 5dd12188749b6d3390a4b468bd40dff3292d7cd0 | |
parent | bd1744d82d6e8d817d81f5ef607a8169c7c7591f (diff) |
Avoid path injection
Adding a check to ensure that a zip file cannot be corrupted
with a path injection to open a stream somewhere else in the
file system.
Issue-ID: POLICY-2908
Change-Id: Iaa75fc8c14831ad73fa7ab59c618909ff5af454c
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r-- | plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java b/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java index 7dc16893..282578d0 100644 --- a/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java +++ b/plugins/reception-plugins/src/main/java/org/onap/policy/distribution/reception/decoding/policy/file/PolicyDecoderFileInCsarToPolicy.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * Copyright (C) 2018 Ericsson. All rights reserved. * Copyright (C) 2019 Nordix Foundation. - * Modifications Copyright (C) 2020 AT&T Inc. + * Modifications Copyright (C) 2020-2021 AT&T Inc. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,6 +23,8 @@ package org.onap.policy.distribution.reception.decoding.policy.file; import java.io.IOException; +import java.nio.file.Path; +import java.nio.file.Paths; import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; @@ -76,8 +78,7 @@ public class PolicyDecoderFileInCsarToPolicy implements PolicyDecoder<Csar, Tosc final Enumeration<? extends ZipEntry> entries = zipFile.entries(); while (entries.hasMoreElements()) { final ZipEntry entry = entries.nextElement(); - if (entry.getName().contains(decoderParameters.getPolicyTypeFileName()) - || entry.getName().contains(decoderParameters.getPolicyFileName())) { + if (isZipEntryValid(entry, csar.getCsarPath())) { final ToscaServiceTemplate policy = coder.decode(zipFile.getInputStream(entry), ToscaServiceTemplate.class); policyList.add(policy); @@ -89,4 +90,29 @@ public class PolicyDecoderFileInCsarToPolicy implements PolicyDecoder<Csar, Tosc return policyList; } + + /** + * Method to filter out Policy type and Policy files. In addition, + * ensures validation of entries in the Zipfile. Attempts to solve path + * injection java security issues. + * + * @param entry the ZipEntry to check + * @param csarPath Absolute path to the csar the ZipEntry is in + * @return true if no injection detected, and it is a policy type or policy file. + */ + private boolean isZipEntryValid(ZipEntry entry, String csarPath) { + // + // We only care about policy types and policies + // + if (entry.getName().contains(decoderParameters.getPolicyTypeFileName()) + || entry.getName().contains(decoderParameters.getPolicyFileName())) { + // + // Now ensure that there is no path injection + // + Path path = Path.of(csarPath, entry.getName()).normalize(); + return path.startsWith(csarPath); + } + + return false; + } } |