Philip Zampino created KNOX-2643:
------------------------------------

             Summary: TopologyService should validate descriptor and provider config file paths
                 Key: KNOX-2643
                 URL: https://issues.apache.org/jira/browse/KNOX-2643
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
    Affects Versions: 1.5.0
            Reporter: Philip Zampino
             Fix For: 1.6.0

DefaultTopologyService#deployProviderConfiguration and DefaultTopologyService#deployDescriptor blindly trust the file name without validating that the location will be bound to the expected resource directory (e.g., sharedProvidersDirectory, descriptorsDirectory). Names that would place the file outside the expected location or intent (e.g., ../gateway-site.xml) should be rejected.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
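
The kind of check the report asks for, as an added example that is not part of the original message and is not Knox's code or its eventual fix. The class `BoundedPathResolver`, the method `resolveWithin`, the temporary directory and every sample name except `../gateway-site.xml` are hypothetical; the sketch assumes the resource directory is flat, so only direct children are accepted.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Hypothetical helper (not Knox code): binds a caller-supplied file name to one directory. */
public class BoundedPathResolver {

    /** Returns the target path for name inside baseDir, or throws if it would land elsewhere. */
    static Path resolveWithin(Path baseDir, String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("Empty or malformed file name");
        }
        // Canonicalize the directory first so a symlinked base does not skew the comparison.
        Path base = baseDir.toRealPath();
        // resolve() returns an absolute name unchanged; normalize() collapses "." and "..".
        Path candidate = base.resolve(name).normalize();
        // Path equality works on path elements, not string prefixes, so a sibling such as
        // "<base>-evil/x" cannot pass. A null parent (the root) is rejected as well.
        // Assumption: flat directory, so the parent must be exactly the base.
        if (!base.equals(candidate.getParent())) {
            throw new IllegalArgumentException("File name escapes " + base + ": " + name);
        }
        // Assumption: an existing symlink at the target is refused, since writing through it
        // could still place content outside the directory.
        if (Files.isSymbolicLink(candidate)) {
            throw new IllegalArgumentException("Target is a symbolic link: " + name);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for sharedProvidersDirectory or descriptorsDirectory.
        Path dir = Files.createTempDirectory("shared-providers");
        // Constructed sample names; "../gateway-site.xml" is the one from the report.
        String[] names = {
            "sandbox-providers.json", "../gateway-site.xml",
            "a/../../gateway-site.xml", "/tmp/outside.xml", "sub/nested.json", ".."
        };
        for (String n : names) {
            try {
                System.out.println("accepted: " + resolveWithin(dir, n));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample name is accepted; the write should then use the returned path rather than re-joining the original string to the directory.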