Skip to content

Commit

Permalink
Amend the check on IllegalAttachmentFileNameException (#1215)
Browse files Browse the repository at this point in the history
Co-authored-by: bhou <bhou@netflix.com>
  • Loading branch information
bhou2 and bhou authored May 1, 2024
1 parent 2a82b59 commit 0dbdd3d
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -94,9 +94,9 @@ public Set<URI> saveAttachments(
final long attachmentSize = attachment.contentLength();
final String filename = attachment.getFilename();

if (filename != null && filename.contains("/")) {
if (filename != null && (filename.contains("/") || filename.contains("\\"))) {
throw new IllegalAttachmentFileNameException("Attachment filename " + filename + " is illegal. "
+ "It should not contain the char: /.");
+ "Filenames should not contain / or \\.");
}

if (attachmentSize > this.attachmentServiceProperties.getMaxSize().toBytes()) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ class LocalFileSystemAttachmentServiceImplSpec extends Specification {
thrown(SaveAttachmentException)
}
def "reject attachments with illegal filename"() {
def "reject attachments with illegal filename containing /"() {
Set<Resource> attachments = new HashSet<Resource>()
Resource attachment = Mockito.mock(Resource.class)
Mockito.doReturn("../../../root/breakout.file").when(attachment).getFilename()
Expand All @@ -166,4 +166,17 @@ class LocalFileSystemAttachmentServiceImplSpec extends Specification {
then:
thrown(IllegalAttachmentFileNameException)
}
def "reject attachments with illegal filename containing \\"() {
Set<Resource> attachments = new HashSet<Resource>()
Resource attachment = Mockito.mock(Resource.class)
Mockito.doReturn("c:\\root\\breakout.file").when(attachment).getFilename()
attachments.add(attachment)
when:
service.saveAttachments(null, attachments)
then:
thrown(IllegalAttachmentFileNameException)
}
}

0 comments on commit 0dbdd3d

Please # to comment.