Validates the file name (#1793)

This commit is contained in:
Ludy 2024-09-02 22:03:04 +02:00 committed by GitHub
parent b31d565c75
commit c1f78d0f9b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -163,6 +163,10 @@ public class DatabaseBackupHelper implements DatabaseBackupInterface {
// Deletes a backup file. // Deletes a backup file.
public boolean deleteBackupFile(String fileName) throws IOException { public boolean deleteBackupFile(String fileName) throws IOException {
if (!isValidFileName(fileName)) {
log.error("Invalid file name: {}", fileName);
return false;
}
Path filePath = this.getBackupFilePath(fileName); Path filePath = this.getBackupFilePath(fileName);
if (Files.deleteIfExists(filePath)) { if (Files.deleteIfExists(filePath)) {
log.info("Deleted backup file: {}", fileName); log.info("Deleted backup file: {}", fileName);
@ -175,7 +179,11 @@ public class DatabaseBackupHelper implements DatabaseBackupInterface {
// Gets the Path object for a given backup file name. // Gets the Path object for a given backup file name.
public Path getBackupFilePath(String fileName) { public Path getBackupFilePath(String fileName) {
return Paths.get(backupPath.toString(), fileName); Path filePath = Paths.get(backupPath.toString(), fileName).normalize();
if (!filePath.startsWith(backupPath)) {
throw new SecurityException("Path traversal detected");
}
return filePath;
} }
private boolean executeDatabaseScript(Path scriptPath) { private boolean executeDatabaseScript(Path scriptPath) {
@ -202,4 +210,19 @@ public class DatabaseBackupHelper implements DatabaseBackupInterface {
} }
} }
} }
private boolean isValidFileName(String fileName) {
// Check for invalid characters or sequences
return fileName != null
&& !fileName.contains("..")
&& !fileName.contains("/")
&& !fileName.contains("\\")
&& !fileName.contains(":")
&& !fileName.contains("*")
&& !fileName.contains("?")
&& !fileName.contains("\"")
&& !fileName.contains("<")
&& !fileName.contains(">")
&& !fileName.contains("|");
}
} }