From: Wojtek Wajerowicz <115081248+wojciech-wajerowicz-sonarsource@users.noreply.github.com>
Date: Thu, 8 Jun 2023 15:17:20 +0000 (+0200)
Subject: SONAR-19192 Don't check file existence before verifying target directory (#8492)
X-Git-Tag: 10.1.0.73491~128
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e296e5f72162496de7df40a7c5ed5899e8becca8;p=sonarqube.git
SONAR-19192 Don't check file existence before verifying target directory (#8492)
---
diff --git a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java
index 8ff47f416ea..2a547d22a11 100644
--- a/server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java
+++ b/server/sonar-webserver-webapi/src/main/java/org/sonar/server/batch/BatchIndex.java
@@ -25,6 +25,7 @@ import java.io.IOException;
 import java.util.Collection;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.io.filefilter.FileFilterUtils;
 import org.apache.commons.io.filefilter.HiddenFileFilter;
 import org.apache.commons.lang.CharUtils;
@@ -81,7 +82,7 @@ public class BatchIndex implements Startable {
 File getFile(String filename) {
 try {
 File input = new File(batchDir, filename);
- if (!input.exists() || !FileUtils.directoryContains(batchDir, input)) {
+ if (!FilenameUtils.directoryContains(batchDir.getCanonicalPath(), input.getCanonicalPath()) || !input.exists()) {
 throw new NotFoundException("Bad filename: " + filename);
 }
 return input;
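Review bot: In `getFile`, the new condition still resolves the caller-supplied `filename` against the filesystem before any verdict, because `input.getCanonicalPath()` runs first, and the verdict itself is now a string-prefix comparison inside `FilenameUtils.directoryContains`. If the aim is that nothing outside `batchDir` is touched, a purely lexical guard ahead of `new File(batchDir, filename)` would state that directly, for example `if (!filename.equals(FilenameUtils.getName(filename))) { throw new NotFoundException("Bad filename: " + filename); }`. This assumes batch files are flat names with no sub-directories, which is not visible in the hunk. It is also worth confirming that the bundled commons-io appends a trailing separator to the parent before the prefix test, otherwise a sibling directory whose name starts with the `batchDir` name would be accepted. The `try` opened in this hunk closes outside it, so how the `IOException` from `getCanonicalPath()` is reported cannot be checked here.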