This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release24.09 by this push:
     new 916f3e3a1d Improved: Path traversal leading to RCE (OFBIZ-13092)
916f3e3a1d is described below

commit 916f3e3a1d56e3314efcdf750f893f66db11074f
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Tue Jan 14 17:17:49 2025 +0100

    Improved: Path traversal leading to RCE (OFBIZ-13092)
    
    No functional changes, just better formatting and renaming
    
    I did that after the last commit, while reviewing that all was OK in trunk and 24.09.
    I'll backport to 24.09 in order to ease future backporting
---
 .../main/java/org/apache/ofbiz/webapp/control/ControlFilter.java | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
index b7ab5c9338..cf47c120d4 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java
@@ -171,20 +171,19 @@ public class ControlFilter extends HttpFilter {
                 queryString = URLDecoder.decode(queryString, "UTF-8");
                 if (UtilValidate.isUrl(queryString)
                         || 
!SecuredUpload.isValidText(queryString.toLowerCase(), 
SecuredUpload.getallowedTokens(), true)
-                        && isSolrTest()) {
+                                && isSolrTest()) {
                     Debug.logError("For security reason this URL is not 
accepted", MODULE);
                     throw new RuntimeException("For security reason this URL 
is not accepted");
                 }
             }
 
-            String initialURI = req.getRequestURI();
-            if (initialURI != null) { // Allow tests with Mockito. 
ControlFilterTests send null
+            if (uriWithContext != null) { // Allow tests with Mockito. 
ControlFilterTests send null
                 try {
-                    String uRIFiltered = new URI(initialURI)
+                    String uRIFiltered = new URI(uriWithContext)
                             .normalize().toString()
                             .replaceAll(";", "")
                             .replaceAll("(?i)%2e", "");
-                    if (!initialURI.equals(uRIFiltered)) {
+                    if (!uriWithContext.equals(uRIFiltered)) {
                         Debug.logError("For security reason this URL is not 
accepted", MODULE);
                         throw new RuntimeException("For security reason this 
URL is not accepted");
                     }
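Review bot: the `if` condition at the top of this hunk mixes `||` and `&&` without parentheses, so Java parses it as `UtilValidate.isUrl(queryString) || (!SecuredUpload.isValidText(...) && isSolrTest())`; the re-indentation of `&& isSolrTest()` hints at that grouping, but it should be made explicit, e.g. `|| (!SecuredUpload.isValidText(queryString.toLowerCase(), SecuredUpload.getallowedTokens(), true) && isSolrTest())`, because as written the `isValidText` check on the decoded query string has no effect whenever `isSolrTest()` returns false, and a later edit can silently change the grouping. Further down, the rename from `initialURI` to `uriWithContext` drops the `req.getRequestURI()` assignment, and `uriWithContext` is not declared anywhere in the visible lines; its assignment sits above the hunk, so please confirm it holds the request URI (with the context path, as the name suggests) at this point, since the traversal check rejects the request only when that exact string differs from its `normalize()`d, `;`-stripped, `(?i)%2e`-stripped form. Note that `URLDecoder.decode` is applied only to `queryString` above; the URI comparison runs on the raw string, so the literal `%2e` replacement is what catches percent-encoded dots there.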
