This is an automated email from the ASF dual-hosted git repository.
weimer pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/reef.git
The following commit(s) were added to refs/heads/master by this push:
new 54949bd [REEF-2019] Enforce uncompressed files are within the current
directory (#1463)
54949bd is described below
commit 54949bdd5754795456e8e54309438fefaa8d5012
Author: Gyewon Lee <[email protected]>
AuthorDate: Mon Jun 4 00:34:27 2018 +0900
[REEF-2019] Enforce uncompressed files are within the current directory
(#1463)
JIRA: [REEF-2019](https://issues.apache.org/jira/browse/REEF-2019)
Pull Request:
This closes #1463
---
.../apache/reef/runtime/azbatch/evaluator/EvaluatorShim.java | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git
a/lang/java/reef-runtime-azbatch/src/main/java/org/apache/reef/runtime/azbatch/evaluator/EvaluatorShim.java
b/lang/java/reef-runtime-azbatch/src/main/java/org/apache/reef/runtime/azbatch/evaluator/EvaluatorShim.java
index 1579c26..361d65b 100644
---
a/lang/java/reef-runtime-azbatch/src/main/java/org/apache/reef/runtime/azbatch/evaluator/EvaluatorShim.java
+++
b/lang/java/reef-runtime-azbatch/src/main/java/org/apache/reef/runtime/azbatch/evaluator/EvaluatorShim.java
@@ -44,7 +44,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
-import java.nio.file.Paths;
+import java.nio.file.Path;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
@@ -277,9 +277,14 @@ public final class EvaluatorShim
private void extractFiles(final File zipFile) throws IOException {
try (ZipFile zipFileHandle = new ZipFile(zipFile)) {
Enumeration<? extends ZipEntry> zipEntries = zipFileHandle.entries();
+ Path reefPath = this.reefFileNames.getREEFFolder().toPath();
while (zipEntries.hasMoreElements()) {
ZipEntry zipEntry = zipEntries.nextElement();
- File file = new File(this.reefFileNames.getREEFFolderName() + '/' +
zipEntry.getName());
+ Path destination = new File(this.reefFileNames.getREEFFolder(),
zipEntry.getName()).toPath();
+ if (!destination.startsWith(reefPath)) {
+ throw new IOException("Trying to unzip a file outside of the
destination folder: " + destination);
+ }
+ File file = destination.toFile();
if (file.exists()) {
LOG.log(Level.INFO, "Skipping entry {0} because the file already
exists.", zipEntry.getName());
} else {
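Review bot: The containment check `if (!destination.startsWith(reefPath))` compares two paths that were never normalised, so an entry name containing `..` segments is not rejected: `Path.startsWith` matches name elements lexically, and `new File(parent, child).toPath()` keeps `..` exactly as written. Normalise both sides before comparing, for example `Path reefPath = this.reefFileNames.getREEFFolder().toPath().toAbsolutePath().normalize();` and `Path destination = reefPath.resolve(zipEntry.getName()).normalize();`. The `Files.copy(inputStream, destination)` call in the following hunk writes to the same `destination`, so it is covered by the same change. `normalize()` is purely lexical; if the REEF folder can contain symbolic links (not visible from this hunk), a canonical-path comparison would be needed instead. The body of `extractFiles` continues past the end of this hunk, so the directory-creation branch was not reviewed.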
@@ -292,7 +297,7 @@ public final class EvaluatorShim
} else {
try (InputStream inputStream =
zipFileHandle.getInputStream(zipEntry)) {
LOG.log(Level.INFO, "Extracting {0}.", zipEntry.getName());
- Files.copy(inputStream,
Paths.get(this.reefFileNames.getREEFFolderName() + '/' + zipEntry.getName()));
+ Files.copy(inputStream, destination);
LOG.log(Level.INFO, "Extracting {0} completed.",
zipEntry.getName());
}
}