SchemaFolder nested structure

[GabrieleGuelfi]

I have a SchemaFolder that contains nested folder with more .xsd files inside, it can be summarized as follows:

Trying to access one of TypesA-D.xsd files at the “http://localhost:3000/Service.ws?xsd&name=FolderA/FolderB/TypesB.xsd”, returns the following error everytime:

I think it is raised by the following code:

string xsdfile = httpContext.Request.Query["name"];
if (string.IsNullOrEmpty(xsdfile) || Path.GetFileName(xsdfile) != xsdfile)		{
	throw new ArgumentNullException("xsd parameter contains illegal values");
}

I tried to put every xsd file directly inside the schemaFolder and it works, unfortunately the folder structure is made mandatory by the customer and I cannot change it.

I would like to ask if there is any reason for this restriction and eventually add the possibility to have more folders inside the schema one.

Thanks!

[andersjonsson]

the if-statement is commented with "Check to prevent path traversal", so I assume that the restriction exists to prevent "../" and such, that could allow an attacker to access files outside of the xsd-path.

If you feel up for it you are more than welcome to fork the repo and add support for sub-directories. Should be possible to still have safeguards against path traversal by checking that the file exists within the xsd-directory (or its sub-directories)

[github-actions[bot]]

This issue is stale because it has been open for 30 days with no activity.

[github-actions[bot]]

This issue was closed because it has been inactive for 14 days since being marked as stale.