Use java.nio.file.Path for consistent sub-directory checking

markt-asf · markt-asf · commit 6d66e99ef85d · 2021-01-20T13:28:57.000Z
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2070,7 +2070,7 @@ private File validateGlobalXsltFile(File base) {
 
         // First check that the resulting path is under the provided base
         try {
-            if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) {
+            if (!candidate.getCanonicalFile().toPath().startsWith(base.getCanonicalFile().toPath())) {
                 return null;
             }
         } catch (IOException ioe) {
diff --git a/java/org/apache/catalina/session/FileStore.java b/java/org/apache/catalina/session/FileStore.java
@@ -351,7 +351,7 @@ private File file(String id) throws IOException {
         File file = new File(storageDir, filename);
 
         // Check the file is within the storage directory
-        if (!file.getCanonicalPath().startsWith(storageDir.getCanonicalPath())) {
+        if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) {
             log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
             return null;
         }
diff --git a/java/org/apache/catalina/startup/ContextConfig.java b/java/org/apache/catalina/startup/ContextConfig.java
@@ -858,7 +858,8 @@ protected void fixDocBase() throws IOException {
         String docBaseCanonical = docBaseAbsoluteFile.getCanonicalPath();
 
         // Re-calculate now docBase is a canonical path
-        boolean docBaseCanonicalInAppBase = docBaseCanonical.startsWith(appBase.getPath() + File.separatorChar);
+        boolean docBaseCanonicalInAppBase =
+                docBaseAbsoluteFile.getCanonicalFile().toPath().startsWith(appBase.toPath());
         String docBase;
         if (docBaseCanonicalInAppBase) {
             docBase = docBaseCanonical.substring(appBase.getPath().length());
diff --git a/java/org/apache/catalina/startup/ExpandWar.java b/java/org/apache/catalina/startup/ExpandWar.java
@@ -26,6 +26,7 @@
 import java.net.URL;
 import java.net.URLConnection;
 import java.nio.channels.FileChannel;
+import java.nio.file.Path;
 import java.util.Enumeration;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
@@ -116,10 +117,7 @@ public static String expand(Host host, URL war, String pathname)
         }
 
         // Expand the WAR into the new document base directory
-        String canonicalDocBasePrefix = docBase.getCanonicalPath();
-        if (!canonicalDocBasePrefix.endsWith(File.separator)) {
-            canonicalDocBasePrefix += File.separator;
-        }
+        Path canonicalDocBasePath = docBase.getCanonicalFile().toPath();
 
         // Creating war tracker parent (normally META-INF)
         File warTrackerParent = warTracker.getParentFile();
@@ -134,14 +132,13 @@ public static String expand(Host host, URL war, String pathname)
                 JarEntry jarEntry = jarEntries.nextElement();
                 String name = jarEntry.getName();
                 File expandedFile = new File(docBase, name);
-                if (!expandedFile.getCanonicalPath().startsWith(
-                        canonicalDocBasePrefix)) {
+                if (!expandedFile.getCanonicalFile().toPath().startsWith(canonicalDocBasePath)) {
                     // Trying to expand outside the docBase
                     // Throw an exception to stop the deployment
                     throw new IllegalArgumentException(
                             sm.getString("expandWar.illegalPath",war, name,
                                     expandedFile.getCanonicalPath(),
-                                    canonicalDocBasePrefix));
+                                    canonicalDocBasePath));
                 }
                 int last = name.lastIndexOf('/');
                 if (last >= 0) {
@@ -217,10 +214,7 @@ public static void validate(Host host, URL war, String pathname) throws IOExcept
         File docBase = new File(host.getAppBaseFile(), pathname);
 
         // Calculate the document base directory
-        String canonicalDocBasePrefix = docBase.getCanonicalPath();
-        if (!canonicalDocBasePrefix.endsWith(File.separator)) {
-            canonicalDocBasePrefix += File.separator;
-        }
+        Path canonicalDocBasePath = docBase.getCanonicalFile().toPath();
         JarURLConnection juc = (JarURLConnection) war.openConnection();
         juc.setUseCaches(false);
         try (JarFile jarFile = juc.getJarFile()) {
@@ -229,14 +223,13 @@ public static void validate(Host host, URL war, String pathname) throws IOExcept
                 JarEntry jarEntry = jarEntries.nextElement();
                 String name = jarEntry.getName();
                 File expandedFile = new File(docBase, name);
-                if (!expandedFile.getCanonicalPath().startsWith(
-                        canonicalDocBasePrefix)) {
+                if (!expandedFile.getCanonicalFile().toPath().startsWith(canonicalDocBasePath)) {
                     // Entry located outside the docBase
                     // Throw an exception to stop the deployment
                     throw new IllegalArgumentException(
                             sm.getString("expandWar.illegalPath",war, name,
                                     expandedFile.getCanonicalPath(),
-                                    canonicalDocBasePrefix));
+                                    canonicalDocBasePath));
                 }
             }
         } catch (IOException e) {
diff --git a/java/org/apache/catalina/startup/HostConfig.java b/java/org/apache/catalina/startup/HostConfig.java
@@ -598,8 +598,7 @@ protected void deployDescriptor(ContextName cn, File contextXml) {
                     docBase = new File(host.getAppBaseFile(), context.getDocBase());
                 }
                 // If external docBase, register .xml as redeploy first
-                if (!docBase.getCanonicalPath().startsWith(
-                        host.getAppBaseFile().getAbsolutePath() + File.separator)) {
+                if (!docBase.getCanonicalFile().toPath().startsWith(host.getAppBaseFile().toPath())) {
                     isExternal = true;
                     deployedApp.redeployResources.put(
                             contextXml.getAbsolutePath(),
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -225,6 +225,10 @@
       <update>
         Migrate to new code signing service. (markt)
       </update>
+      <scode>
+        Use <code>java.nio.file.Path</code> to test for one directory being a
+        sub-directory of another in a consistent way. (markt)
+      </scode>
     </changelog>
   </subsection>
 </section>

Original file line number	Diff line number	Diff line change
`@@ -2070,7 +2070,7 @@ private File validateGlobalXsltFile(File base) {`
`2070`	`2070`
`2071`	`2071`	`// First check that the resulting path is under the provided base`
`2072`	`2072`	`try {`
`2073`		`- if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) {`
	`2073`	`+ if (!candidate.getCanonicalFile().toPath().startsWith(base.getCanonicalFile().toPath())) {`
`2074`	`2074`	`return null;`
`2075`	`2075`	`}`
`2076`	`2076`	`} catch (IOException ioe) {`
Original file line number	Diff line number	Diff line change
`@@ -351,7 +351,7 @@ private File file(String id) throws IOException {`
`351`	`351`	`File file = new File(storageDir, filename);`
`352`	`352`
`353`	`353`	`// Check the file is within the storage directory`
`354`		`- if (!file.getCanonicalPath().startsWith(storageDir.getCanonicalPath())) {`
	`354`	`+ if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) {`
`355`	`355`	`log.warn(sm.getString("fileStore.invalid", file.getPath(), id));`
`356`	`356`	`return null;`
`357`	`357`	`}`