[
https://issues.apache.org/jira/browse/SOLR-8873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15227353#comment-15227353
]
Jan Høydahl commented on SOLR-8873:
-----------------------------------
[~tomasflobbe] I understand your concern to harden Solr wrt unexpected user
input in various ways.
Perhaps this issue could be re-targeted to adding test coverage including weird
file/path names for dataDir/instanceDir/ulogDir, so we validate that Solr
actually handles them well, or alternatively learn where we can improve?
> Enforce dataDir/instanceDir/ulogDir to be paths that contain only a
> controlled subset of characters
> ---------------------------------------------------------------------------------------------------
>
> Key: SOLR-8873
> URL: https://issues.apache.org/jira/browse/SOLR-8873
> Project: Solr
> Issue Type: Improvement
> Reporter: Tomás Fernández Löbbe
> Attachments: SOLR-8873.patch
>
>
> We currently support any valid path for dataDir/instanceDir/ulogDir. I think
> we should prevent special characters and restrict to a subset that is
> commonly used and tested.
> My initial proposals it to allow the Java pattern:
> {code:java}"^[a-zA-Z0-9\\.\\ \\\\\\-_/\"':]+$"{code} but I'm open to
> suggestions. I'm not sure if there can be issues with HDFS paths (this
> pattern does pass the tests we currently have), or some other use case I'm
> not considering.
> I also think our tests should use all those characters randomly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
