From 0dbdd3d05fdaa6820013ca3d7f360ec8f9dac3a3 Mon Sep 17 00:00:00 2001 From: Binbing Hou Date: Wed, 1 May 2024 15:57:20 -0700 Subject: [PATCH] Amend the check on IllegalAttachmentFileNameException (#1215) Co-authored-by: bhou --- .../LocalFileSystemAttachmentServiceImpl.java | 4 ++-- ...ocalFileSystemAttachmentServiceImplSpec.groovy | 15 ++++++++++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/genie-web/src/main/java/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImpl.java b/genie-web/src/main/java/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImpl.java index d303cdf47e..1d596ad92a 100644 --- a/genie-web/src/main/java/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImpl.java +++ b/genie-web/src/main/java/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImpl.java @@ -94,9 +94,9 @@ public Set saveAttachments( final long attachmentSize = attachment.contentLength(); final String filename = attachment.getFilename(); - if (filename != null && filename.contains("/")) { + if (filename != null && (filename.contains("/") || filename.contains("\\"))) { throw new IllegalAttachmentFileNameException("Attachment filename " + filename + " is illegal. " - + "It should not contain the char: /."); + + "Filenames should not contain / or \\."); } if (attachmentSize > this.attachmentServiceProperties.getMaxSize().toBytes()) { diff --git a/genie-web/src/test/groovy/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImplSpec.groovy b/genie-web/src/test/groovy/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImplSpec.groovy index b7271a19f6..75f9cc700d 100644 --- a/genie-web/src/test/groovy/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImplSpec.groovy +++ b/genie-web/src/test/groovy/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImplSpec.groovy @@ -154,7 +154,7 @@ class LocalFileSystemAttachmentServiceImplSpec extends Specification { thrown(SaveAttachmentException) } - def "reject attachments with illegal filename"() { + def "reject attachments with illegal filename containing /"() { Set attachments = new HashSet() Resource attachment = Mockito.mock(Resource.class) Mockito.doReturn("../../../root/breakout.file").when(attachment).getFilename() @@ -166,4 +166,17 @@ class LocalFileSystemAttachmentServiceImplSpec extends Specification { then: thrown(IllegalAttachmentFileNameException) } + + def "reject attachments with illegal filename containing \\"() { + Set attachments = new HashSet() + Resource attachment = Mockito.mock(Resource.class) + Mockito.doReturn("c:\\root\\breakout.file").when(attachment).getFilename() + attachments.add(attachment) + + when: + service.saveAttachments(null, attachments) + + then: + thrown(IllegalAttachmentFileNameException) + } }