public static boolean isChildOf(File parent, File subdirectory) throws IOException { File parentFile = parent.getCanonicalFile(); File current = subdirectory.getCanonicalFile(); return !current.equals(parentFile) && isSubdirectoryOf(parent, subdirectory); }
private boolean isContainedInOtherAllowedDirs(File dir, List<File> allowedDirs) { for (File allowedDir : allowedDirs) { try { if (FileUtil.isSubdirectoryOf(allowedDir, dir)) { return true; } } catch (IOException e) { throw bomb(String.format("Failed to check directory %s and %s for sandbox cleanup", allowedDir, dir), e); } } return false; }
public void allowed(File allowedDir, List<File> allowedDirs) { try { if (!FileUtil.isSubdirectoryOf(baseFolder, allowedDir)) { throw new RuntimeException( "Cannot clean directory." + " Folder " + allowedDir.getAbsolutePath() + " is outside the base folder " + baseFolder); } } catch (IOException e) { throw new RuntimeException( "Cannot clean directory." + " Folder " + allowedDir.getAbsolutePath() + " is outside the base folder " + baseFolder); } allow(allowedDir, allowedDirs); }
public File getArtifactLocation(String path) throws IllegalArtifactLocationException { try { File file = new File(artifactsDirHolder.getArtifactsDir(), path); if (!FileUtil.isSubdirectoryOf(artifactsDirHolder.getArtifactsDir(), file)) { throw new IllegalArtifactLocationException("Illegal artifact path " + path); } return file; } catch (Exception e) { throw new IllegalArtifactLocationException("Illegal artifact path " + path); } }
public File findArtifact(LocatableEntity locatableEntity, String path) throws IllegalArtifactLocationException { try { File root = chooseExistingRoot(locatableEntity); if (root == null) { root = preferredRoot(locatableEntity); } File file = new File(root, path); if (!FileUtil.isSubdirectoryOf(root, file)) { throw new IllegalArtifactLocationException("Artifact path [" + path + "] is illegal." + " Path must be inside the artifact directory."); } return file; } catch (IOException e) { throw new IllegalArtifactLocationException("Artifact path [" + path + "] is illegal." + e.getMessage(), e); } }
@Test public void shouldDetectSubfolders() throws Exception { assertThat(isSubdirectoryOf(new File("a"), new File("a")), is(true)); assertThat(isSubdirectoryOf(new File("a"), new File("a/b")), is(true)); assertThat(isSubdirectoryOf(new File("a"), new File("aaaa")), is(false)); assertThat(isSubdirectoryOf(new File("a/b/c/d"), new File("a/b/c/d/e")), is(true)); assertThat(isSubdirectoryOf(new File("a/b/c/d/e"), new File("a/b/c/d")), is(false)); assertThat(isSubdirectoryOf(new File("/a/b"), new File("c/d")), is(false)); }
@Test public void shouldDetectSubfoldersWhenUsingRelativePaths() throws Exception { File parent = new File("/a/b"); assertThat(isSubdirectoryOf(parent, new File(parent, "../../..")), is(false)); }