Gitiles
Code Review Sign In
gerrit.onosproject.org / onos / 4b19da6ce94de4865a365c200d6e8169ffb2184f^! / . / core / common / src / main / java / org / onosproject / common / app / ApplicationArchive.java
commit4b19da6ce94de4865a365c200d6e8169ffb2184f[log] [tgz]
authorRay Milkey <ray@opennetworking.org>Sun Jul 08 10:06:19 2018 -0700
committerThomas Vachuska <tom@opennetworking.org>Mon Jul 09 16:06:10 2018 +0000
tree50c873c1623533b74f0598b06e10f379a5dbdf30
parent5b66ce0da32ce62d71868558b6229da190343676 [diff] [blame]
Fix for OS-13 - don't allow app pathnames to leave the app root

Change-Id: I6bb7be6df8be3dced903f72cef4600532cb118a3
(cherry picked from commit 10e606aab45365b15f2533e0e92d5047ac6a84fe)

diff --git a/core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java b/core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java
index 55c198e..339e68e 100644
--- a/core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java
+++ b/core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java

@@ -233,13 +233,17 @@
         return new String(bytes, 0, Math.min(bytes.length, length), StandardCharsets.UTF_8);
     }
 
+    private String filterAppNameForFilesystem(String name) {
+        return name.replace("/", "^");
+    }
+
     /**
      * Purges the application archive directory.
      *
      * @param appName application name
      */
     public synchronized void purgeApplication(String appName) {
-        File appDir = new File(appsDir, appName);
+        File appDir = new File(appsDir, filterAppNameForFilesystem(appName));
         try {
             Tools.removeDirectory(appDir);
         } catch (IOException e) {
@@ -353,7 +357,7 @@
         boolean isSelfContained = false;
         ZipInputStream zis = new ZipInputStream(stream);
         ZipEntry entry;
-        File appDir = new File(appsDir, desc.name());
+        File appDir = new File(appsDir, filterAppNameForFilesystem(desc.name()));
         while ((entry = zis.getNextEntry()) != null) {
             if (!entry.isDirectory()) {
                 byte[] data = ByteStreams.toByteArray(zis);
@@ -437,7 +441,7 @@
     private void saveApplication(InputStream stream, ApplicationDescription desc,
                                  boolean isSelfContainedJar)
             throws IOException {
-        String name = desc.name() + (isSelfContainedJar ? JAR : OAR);
+        String name = filterAppNameForFilesystem(desc.name()) + (isSelfContainedJar ? JAR : OAR);
         Files.write(toByteArray(stream), appFile(desc.name(), name));
     }
 
@@ -499,7 +503,7 @@
 
     // Returns the name of the file located under the specified app directory.
     private File appFile(String appName, String fileName) {
-        return new File(new File(appsDir, appName), fileName);
+        return new File(new File(appsDir, filterAppNameForFilesystem(appName)), fileName);
     }
 
     // Returns the icon file located under the specified app directory.