gaul commented on code in PR #203:
URL: https://github.com/apache/jclouds/pull/203#discussion_r1564561709
##########
apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java:
##########
@@ -38,6 +38,8 @@ public void validate(String name) throws
IllegalArgumentException {
//blobkey cannot start with / (or \ in Windows) character
if (name.startsWith("\\") || name.startsWith("/"))
throw new IllegalArgumentException("Blob key '" + name + "' cannot
start with \\ or /");
+ if (name.contains("../"))
+ throw new IllegalArgumentException("Blob key '" + name + "' cannot
contain ../");
Review Comment:
Why is this different than the container name validator? For robustness
should this tokenize the path via `/` then check each component to see if one
contains `.` or `..`? This would allow keys like `..foo` to work.
##########
apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java:
##########
@@ -691,6 +698,8 @@ public BlobAccess getBlobAccess(String containerName,
String blobName) {
@Override
public void setBlobAccess(String container, String name, BlobAccess access)
{
+ filesystemContainerNameValidator.validate(container);
+ filesystemBlobKeyValidator.validate(name);
Review Comment:
Should this also apply to `getBlobAccess`, `putBlob`, and `removeBlob`?
`getBlobKeysInsideContainer` too I guess.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
