-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #6363 from grzesiek2010/disable_security_exception
Log error instead of throwing security exception
- Loading branch information
Showing
8 changed files
with
72 additions
and
55 deletions.
There are no files selected for viewing
26 changes: 26 additions & 0 deletions
26
androidshared/src/main/java/org/odk/collect/androidshared/utils/PathUtils.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
package org.odk.collect.androidshared.utils | ||
|
||
import timber.log.Timber | ||
import java.io.File | ||
|
||
object PathUtils { | ||
@JvmStatic | ||
fun getAbsoluteFilePath(dirPath: String, filePath: String): String { | ||
val absoluteFilePath = | ||
if (filePath.startsWith(dirPath)) filePath else dirPath + File.separator + filePath | ||
|
||
val canonicalAbsoluteFilePath = File(absoluteFilePath).canonicalPath | ||
val canonicalDirPath = File(dirPath).canonicalPath | ||
if (!canonicalAbsoluteFilePath.startsWith(canonicalDirPath)) { | ||
Timber.e( | ||
"Attempt to access file outside of Collect directory:\n" + | ||
"dirPath: $dirPath\n" + | ||
"filePath: $filePath\n" + | ||
"absoluteFilePath: $absoluteFilePath\n" + | ||
"canonicalAbsoluteFilePath: $canonicalAbsoluteFilePath\n" + | ||
"canonicalDirPath: $canonicalDirPath" | ||
) | ||
} | ||
return absoluteFilePath | ||
} | ||
} |
38 changes: 38 additions & 0 deletions
38
androidshared/src/test/java/org/odk/collect/androidshared/utils/PathUtilsTest.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
package org.odk.collect.androidshared.utils | ||
|
||
import org.hamcrest.MatcherAssert.assertThat | ||
import org.hamcrest.Matchers.equalTo | ||
import org.junit.Test | ||
import org.odk.collect.shared.TempFiles | ||
import java.io.File | ||
|
||
class PathUtilsTest { | ||
@Test | ||
fun `getAbsoluteFilePath() returns filePath prepended with dirPath`() { | ||
val path = PathUtils.getAbsoluteFilePath("/anotherRoot/anotherDir", "root/dir/file") | ||
assertThat(path, equalTo("/anotherRoot/anotherDir/root/dir/file")) | ||
} | ||
|
||
@Test | ||
fun `getAbsoluteFilePath() returns valid path when filePath does not start with seperator`() { | ||
val path = PathUtils.getAbsoluteFilePath("/root/dir", "file") | ||
assertThat(path, equalTo("/root/dir/file")) | ||
} | ||
|
||
@Test | ||
fun `getAbsoluteFilePath() returns filePath when it starts with dirPath`() { | ||
val path = PathUtils.getAbsoluteFilePath("/root/dir", "/root/dir/file") | ||
assertThat(path, equalTo("/root/dir/file")) | ||
} | ||
|
||
@Test | ||
fun `getAbsoluteFilePath() works when dirPath is not canonical`() { | ||
val tempDir = TempFiles.createTempDir() | ||
val nonCanonicalPath = | ||
tempDir.canonicalPath + File.separator + ".." + File.separator + tempDir.name | ||
assertThat(File(nonCanonicalPath).canonicalPath, equalTo(tempDir.canonicalPath)) | ||
|
||
val path = PathUtils.getAbsoluteFilePath(nonCanonicalPath, "file") | ||
assertThat(path, equalTo(nonCanonicalPath + File.separator + "file")) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters