[
https://issues.apache.org/jira/browse/SOLR-15169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17289243#comment-17289243
]
Mike Drob commented on SOLR-15169:
----------------------------------
I'm not sure that it is a good idea to start allowing directory traversal for
the allowed paths. I don't have a specific proof of concept for the kind of
escalation it would allow, but intuitively something about it feels wrong.
That said, if we are going to do this, we should normalize when we add the path
elements in the CoreContainer constructor and store those, not doing the
normalize on each check.
I would also move the unit test to TestCoreContainer, we already have some
similar tests there, instead of creating a new class.
Will need to think some more about whether this is safe, though. Maybe somebody
else will be able to chime in with additional perspective.
> SolrPaths.assertPathAllowed normalization problem
> -------------------------------------------------
>
> Key: SOLR-15169
> URL: https://issues.apache.org/jira/browse/SOLR-15169
> Project: Solr
> Issue Type: Bug
> Reporter: Andras Salamon
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> In the {{SolrPaths.assertPathAllowed}} the {{normalize()}} method is only
> called for {{pathToAssert}} and not for the {{allowPaths}} elements, which
> means that the following call gives SolrException:
> {noformat}
> SolrPaths.assertPathAllowed(Path.of("/a/b/../b/d"),
> Set.of(Path.of("/a/b/../b"), Path.of("/c"))); {noformat}
> even if "a/b/..b/" is a prefix of "/a/b/../b/d".
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
