This is an automated email from the ASF dual-hosted git repository.

dsoumis pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 7fa56afd0afb11f38b7770ad21e85f552dabd9c9
Author: Dimitris Soumis <[email protected]>
AuthorDate: Wed Apr 22 13:42:22 2026 +0300

    Add a test in TestFileStore relevant to CVE-2022-23181
---
 .../org/apache/catalina/session/TestFileStore.java | 33 ++++++++++++++++++++--
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/test/org/apache/catalina/session/TestFileStore.java b/test/org/apache/catalina/session/TestFileStore.java
index 711b5b7e78..6054723c56 100644
--- a/test/org/apache/catalina/session/TestFileStore.java
+++ b/test/org/apache/catalina/session/TestFileStore.java
@@ -26,6 +26,7 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 
 import org.apache.catalina.Manager;
+import org.apache.catalina.Session;
 import org.apache.catalina.startup.ExpandWar;
 import org.apache.tomcat.unittest.TesterContext;
 import org.apache.tomcat.unittest.TesterServletContext;
@@ -35,9 +36,9 @@ public class TestFileStore {
     private static final String SESS_TEMPPATH = "SESS_TEMP";
     private static final File dir = new File(SESS_TEMPPATH);
     private static FileStore fileStore;
-    private static File file1 = new File(SESS_TEMPPATH + "/tmp1.session");
-    private static File file2 = new File(SESS_TEMPPATH + "/tmp2.session");
-    private static Manager manager = new StandardManager();
+    private static final File file1 = new File(SESS_TEMPPATH + "/tmp1.session");
+    private static final File file2 = new File(SESS_TEMPPATH + "/tmp2.session");
+    private static final Manager manager = new StandardManager();
 
 
     @BeforeClass
@@ -97,4 +98,30 @@ public class TestFileStore {
         fileStore.remove("tmp1");
         Assert.assertEquals(1, fileStore.getSize());
     }
+
+    @Test
+    public void pathTraversalSessionId() throws Exception {
+        File storageDir = dir.getAbsoluteFile();
+        File outsideFile = new File(storageDir.getParentFile(), "conf" + File.separator + "test.session");
+        File outsideDir = outsideFile.getParentFile();
+        boolean createdOutsideDir = false;
+        if (!outsideDir.exists()) {
+            Assert.assertTrue(outsideDir.mkdirs());
+            createdOutsideDir = true;
+        }
+        Assert.assertTrue(outsideFile.createNewFile());
+
+        try {
+            Session session = fileStore.load("./../conf/test");
+            Assert.assertNull(session);
+
+            fileStore.remove("./../conf/test");
+            Assert.assertTrue(outsideFile.exists());
+        } finally {
+            Assert.assertTrue(outsideFile.delete());
+            if (createdOutsideDir) {
+                Assert.assertTrue(outsideDir.delete());
+            }
+        }
+    }
 }
\ No newline at end of file
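Review bot: The cleanup in the `finally` block asserts `outsideFile.delete()`, so if `fileStore.remove("./../conf/test")` ever does resolve outside the store directory and delete the file, the cleanup assertion fails too and replaces the `Assert.assertTrue(outsideFile.exists())` failure that actually describes the regression. Guarding the cleanup, for example `if (outsideFile.exists()) { Assert.assertTrue(outsideFile.delete()); }`, keeps the original failure visible in the report. `Assert.assertTrue(outsideFile.createNewFile())` also fails when a `conf/test.session` is left over from an aborted run, and the file is written into a `conf` directory beside the store that may already exist for other reasons; a uniquely named sibling directory would avoid both. A short comment on the method, stating that session ids resolving outside the store directory must neither load nor delete files, would document the intent. Because the test is single-threaded, it pins the containment check only, not any window between check and use.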

