chutney-legacy

🚀 | Normalize use of files IO & prevent path traversal

Open bessonm opened this issue 1 year ago • 0 comments

Describe your use case

  1. There are many places doing file IO. Some are wrapped by com.chutneytesting.tools.file.FileUtils in module tools. But some are not.
  2. Prevent path traversal

Is your feature request related to a problem?

No response

Describe the solution you'd like

If possible, wrap everything under FileUtils, add tests for this class and handle path traversal in it.

Most of the time, we know the path in which we are working. So a simple idea to prevent path traversal should be to check the parent path to the expected parent. Something like Paths.get(STORE_PATH + File.separator + USER_INPUT_PART).normalize().getParent().equals(Paths.get(STORE_PATH).normalize())

Link to examples

No response

bessonm, Dec 07 '23 15:12
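The parent-path check proposed in the issue, as an added example that is not code from the Chutney project or from the issue author. The class and method names (`SafePathExample`, `resolveDirectChild`, `resolveInside`) are hypothetical and the inputs are constructed; the second method goes beyond the issue by allowing sub-directories of the store and re-checking symlink targets.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafePathExample {

    // Strict form of the check proposed in the issue: the file must sit directly in the store.
    static Path resolveDirectChild(Path storePath, String userInput) {
        Path root = storePath.toAbsolutePath().normalize();
        Path candidate = root.resolve(userInput).normalize();
        // getParent() is null for a filesystem root; equals(null) is false, so that is rejected too.
        if (!root.equals(candidate.getParent())) {
            throw new IllegalArgumentException("Rejected path: " + userInput);
        }
        return candidate;
    }

    // Generalization (assumption, not in the issue): allow sub-directories of the store.
    static Path resolveInside(Path storePath, String userInput) throws IOException {
        Path root = storePath.toRealPath(); // store must exist; symlinks in it are resolved
        Path candidate = root.resolve(userInput).normalize();
        // Path.startsWith compares whole name elements, so "/store-old" does not match "/store".
        if (candidate.equals(root) || !candidate.startsWith(root)) {
            throw new IllegalArgumentException("Rejected path: " + userInput);
        }
        // normalize() is purely lexical; an existing symlink could still point outside the store.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new IllegalArgumentException("Rejected symlink target: " + userInput);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path store = Files.createTempDirectory("store"); // constructed sample store
        // Constructed sample inputs: two legitimate names, then traversal and absolute forms.
        String[] inputs = {"scenario.json", "campaigns/c1.json", "../outside.json",
                           "campaigns/../../outside.json", "/etc/hosts"};
        for (String input : inputs) {
            System.out.printf("%-30s direct=%-8s inside=%s%n", input,
                    verdict(() -> resolveDirectChild(store, input)),
                    verdict(() -> resolveInside(store, input)));
        }
    }

    interface Check { Path run() throws IOException; }

    static String verdict(Check check) throws IOException {
        try { check.run(); return "accept"; } catch (IllegalArgumentException e) { return "reject"; }
    }
}
```

Only `scenario.json` passes the strict check; `campaigns/c1.json` additionally passes the sub-directory variant, and the traversal and absolute inputs are rejected by both.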