From d52dfc25d592b3e88ace4bcd30aff1fb665b88e5 Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Mon, 10 Jun 2019 16:37:15 +0200 Subject: Do not resolve symbolic links to repositories. When symbolic links under the base repository folder point to repositories outside the base repository folder, the forming of relative repository names failed and resulted in NullPointerExceptions. Create the relative path by not following symbolic links, i.e. the link name is taken as is and not resolved to the external path. This also changes the whole `exactPath` method to work on Paths, instead of Files. Fixes #891 and fixes #837. --- src/main/java/com/gitblit/utils/FileUtils.java | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'src/main/java/com/gitblit/utils/FileUtils.java') diff --git a/src/main/java/com/gitblit/utils/FileUtils.java b/src/main/java/com/gitblit/utils/FileUtils.java index ad2509d0..0a12229c 100644 --- a/src/main/java/com/gitblit/utils/FileUtils.java +++ b/src/main/java/com/gitblit/utils/FileUtils.java @@ -26,6 +26,7 @@ import java.io.IOException; import java.io.InputStreamReader; import java.io.OutputStreamWriter; import java.nio.charset.Charset; +import java.nio.file.LinkOption; import java.nio.file.Path; import java.nio.file.Paths; @@ -302,8 +303,8 @@ public class FileUtils { * @return a relative path from basePath to path */ public static String getRelativePath(File basePath, File path) { - Path exactBase = Paths.get(getExactFile(basePath).toURI()); - Path exactPath = Paths.get(getExactFile(path).toURI()); + Path exactBase = getExactPath(basePath); + Path exactPath = getExactPath(path); if (exactPath.startsWith(exactBase)) { return exactBase.relativize(exactPath).toString().replace('\\', '/'); } @@ -312,20 +313,28 @@ public class FileUtils { } /** - * Returns the exact path for a file. This path will be the canonical path - * unless an exception is thrown in which case it will be the absolute path. + * Returns the exact path for a file. This path will be the real path + * with symbolic links unresolved. If that produces an IOException, + * the path will be the canonical path unless an exception is thrown + * in which case it will be the absolute path. * * @param path * @return the exact file */ - public static File getExactFile(File path) { + private static Path getExactPath(File path) { try { - return path.getCanonicalFile(); + return path.toPath().toRealPath(LinkOption.NOFOLLOW_LINKS); } catch (IOException e) { - return path.getAbsoluteFile(); + // ignored, try next option + } + try { + return Paths.get(path.getCanonicalPath()); + } catch (IOException e) { + return Paths.get(path.getAbsolutePath()); } } + public static File resolveParameter(String parameter, File aFolder, String path) { if (aFolder == null) { // strip any parameter reference -- cgit v1.2.3