Validate filepath and filename to prevent path traversal (#1604)

Validate filepath and filename to prevent path traversal in modification command and provide validations for editor plugin. Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
2026-02-04 05:39:11 +01:00 · 2021-03-25 12:50:24 +01:00
parent 08549a37b1
commit d94ebb2e3e
12 changed files with 169 additions and 11 deletions
--- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitModifyCommand.java
+++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitModifyCommand.java
@@ -176,6 +176,11 @@ public class GitModifyCommand extends AbstractGitCommand implements ModifyComman
      }
    }

+    @Override
+    public boolean isProtectedPath(Path path) {
+      return path.startsWith(getClone().getRepository().getDirectory().toPath().normalize());
+    }
+
    @Override
    public File getWorkDir() {
      return workDir;