SONAR-19192 Don't check file existence before verifying target directory (#8492)
authorWojtek Wajerowicz <115081248+wojciech-wajerowicz-sonarsource@users.noreply.github.com>
Thu, 8 Jun 2023 15:17:20 +0000 (17:17 +0200)
committersonartech <sonartech@sonarsource.com>
Thu, 8 Jun 2023 20:03:08 +0000 (20:03 +0000)
server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java

index 8ff47f416eac5442c28d2c3af095583d892d8023..2a547d22a11a10047a23270da29f5e88a3352639 100644 (file)
@@ -25,6 +25,7 @@ import java.io.IOException;
 import java.util.Collection;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.io.filefilter.FileFilterUtils;
 import org.apache.commons.io.filefilter.HiddenFileFilter;
 import org.apache.commons.lang.CharUtils;
@@ -81,7 +82,7 @@ public class BatchIndex implements Startable {
   File getFile(String filename) {
     try {
       File input = new File(batchDir, filename);
-      if (!input.exists() || !FileUtils.directoryContains(batchDir, input)) {
+      if (!FilenameUtils.directoryContains(batchDir.getCanonicalPath(), input.getCanonicalPath()) || !input.exists()) {
         throw new NotFoundException("Bad filename: " + filename);
       }
       return input;
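Review bot: The containment test on the added line compares two canonical path strings, and in some commons-io releases `FilenameUtils.directoryContains` is a plain prefix match with no separator boundary, so a sibling directory whose name merely begins with batchDir's name would be treated as inside it. It is worth confirming that the bundled commons-io version enforces that boundary, or comparing path components instead (for example `Path.startsWith` on the canonical paths, while still rejecting batchDir itself). The new operand order is what keeps this method from revealing whether files outside batchDir exist, so a comment such as `// containment first: never call exists() on a path outside batchDir` would stop a later refactor from swapping the operands back. The `catch` for the IOException that `getCanonicalPath()` can throw lies outside this hunk, so how that failure is reported to the caller is not checked here.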