Skip to content

Commit

Permalink
[HOTFIX] Validate note name (apache#4632)
Browse files Browse the repository at this point in the history
* [HOTFIX] Validate note name

* [HOTFIX] Validate note name

* [HOTFIX] Validate note name

* Update zeppelin-server/src/test/java/org/apache/zeppelin/service/NotebookServiceTest.java

Co-authored-by: Philipp Dallig <philipp.dallig@gmail.com>

* Update zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java

Co-authored-by: Philipp Dallig <philipp.dallig@gmail.com>

* [HOTFIX] Fix commented

---------

Co-authored-by: Philipp Dallig <philipp.dallig@gmail.com>
  • Loading branch information
2 people authored and akoira committed Feb 1, 2024
1 parent 4c3ebe5 commit 1d55edd
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@
import static org.apache.zeppelin.scheduler.Job.Status.ABORT;

import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.time.Instant;
Expand Down Expand Up @@ -236,6 +238,12 @@ String normalizeNotePath(String notePath) throws IOException {
}

notePath = notePath.replace("\r", " ").replace("\n", " ");

notePath = URLDecoder.decode(notePath, StandardCharsets.UTF_8.toString());
if (notePath.endsWith("/")) {
throw new IOException("Note name shouldn't end with '/'");
}

int pos = notePath.lastIndexOf("/");
if ((notePath.length() - pos) > 255) {
throw new IOException("Note name must be less than 255");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -528,5 +528,17 @@ void testNormalizeNotePath() throws IOException {
} catch (IOException e) {
assertEquals("Note name can not contain '..'", e.getMessage());
}
try {
notebookService.normalizeNotePath("%2e%2e/%2e%2e/tmp/test222");
fail("Should fail");
} catch (IOException e) {
assertEquals("Note name can not contain '..'", e.getMessage());
}
try {
notebookService.normalizeNotePath("./");
fail("Should fail");
} catch (IOException e) {
assertEquals("Note name shouldn't end with '/'", e.getMessage());
}
}
}

0 comments on commit 1d55edd

Please # to comment.