From eb2cfe945c1492503b086606734530550630d31f Mon Sep 17 00:00:00 2001 From: Brendan Burns Date: Thu, 10 Dec 2020 00:19:02 +0000 Subject: [PATCH] Add path normalization for archive files. --- pom.xml | 12 +++++++++--- util/pom.xml | 4 ++++ util/src/main/java/io/kubernetes/client/Copy.java | 7 ++++++- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index c1fce315bb..3ccb7b5dd0 100644 --- a/pom.xml +++ b/pom.xml @@ -48,10 +48,11 @@ 3.11 4.4 1.20 - 1.15 - 2.3.3.RELEASE - 5.2.9.RELEASE + 1.14 + 2.3.1.RELEASE + 5.2.8.RELEASE 0.9.0 + 2.8.0 true @@ -103,6 +104,11 @@ commons-compress ${apache.commons.compress} + + commons-io + commons-io + ${apache.commons.io} + com.google.guava guava diff --git a/util/pom.xml b/util/pom.xml index 06d32cf54b..f71f99cc11 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -46,6 +46,10 @@ org.apache.commons commons-lang3 + + commons-io + commons-io + com.google.guava guava diff --git a/util/src/main/java/io/kubernetes/client/Copy.java b/util/src/main/java/io/kubernetes/client/Copy.java index 316903bb6e..91c72a8dc0 100644 --- a/util/src/main/java/io/kubernetes/client/Copy.java +++ b/util/src/main/java/io/kubernetes/client/Copy.java @@ -39,6 +39,7 @@ import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream; import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream; +import org.apache.commons.io.FilenameUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
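Review bot: Three version values in the first pom.xml hunk go down rather than up (`1.15` to `1.14`, `2.3.3.RELEASE` to `2.3.1.RELEASE`, `5.2.9.RELEASE` to `5.2.8.RELEASE`), which the commit subject "Add path normalization for archive files" does not explain. This looks like an artifact of a stale branch and should be confirmed or dropped, so the fix does not silently undo earlier dependency updates. The property names are not visible on this page, so check the affected artifacts against the file itself. The added `2.8.0` value and the two `commons-io` dependency entries are the only pom changes the Copy.java change appears to need.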
@@ -170,7 +171,11 @@ public void copyDirectoryFromPod(
 log.error("Can't read: " + entry);
 continue;
 }
- File f = new File(destination.toFile(), entry.getName());
+ String normalName = FilenameUtils.normalize(entry.getName());
+ if (normalName == null) {
+ throw new IOException("Invalid entry: " + entry.getName());
+ }
+ File f = new File(destination.toFile(), normalName);
 if (entry.isDirectory()) {
 if (!f.isDirectory() && !f.mkdirs()) {
 throw new IOException("create directory failed: " + f);
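Review bot: The new guard relies entirely on `FilenameUtils.normalize` returning null for names that climb above the root, and nothing afterwards confirms that `f` actually lies under `destination`. An explicit containment check right after `File f = new File(destination.toFile(), normalName);` would make the intent independent of the library's normalization rules, for example `if (!f.toPath().normalize().startsWith(destination.normalize())) { throw new IOException("Entry escapes destination: " + entry.getName()); }`. This assumes `destination` is a `java.nio.file.Path`, as the `toFile()` call suggests. The diffstat lists no test file, so a regression test with an archive entry named like `../outside.txt` (constructed example) is worth adding. The body of copyDirectoryFromPod starts and ends outside the hunk, so its handling of link entries cannot be judged from here.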