Fixed: [FB] Find Security Bugs
(OFBIZ-9973)

As suggested by Mathieu on the dev ML, this factorises the use of Path::normalize into a single FileUtil helper.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk@1864930 13f79535-47bb-0310-9956-ffa450edef68
JacquesLeRoux committed Aug 11, 2019
1 parent 34fb04e commit 7c8f7a5
Showing 2 changed files with 18 additions and 4 deletions.
Expand Up @@ -42,6 +42,7 @@
import javax.swing.ImageIcon;

import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.FileUtil;
import org.apache.ofbiz.base.util.UtilDateTime;
import org.apache.ofbiz.base.util.UtilGenerics;
import org.apache.ofbiz.base.util.UtilProperties;
Expand Down Expand Up @@ -290,7 +291,7 @@ public static String uploadFrame(HttpServletRequest request, HttpServletResponse
String dataResourceId = null;
try {
String dirPath = "/frame/";
File dir = new File(imageServerPath + dirPath).toPath().normalize().toFile(); // cf. OFBIZ-9973
File dir = FileUtil.normalizeFilePath(imageServerPath + dirPath);
if (!dir.exists()) {
boolean createDir = dir.mkdir();
if (!createDir) {
Expand All @@ -299,7 +300,7 @@ public static String uploadFrame(HttpServletRequest request, HttpServletResponse
}
}
String imagePath = "/frame/" + imageName;
File file = new File(imageServerPath + imagePath).toPath().normalize().toFile(); // cf. OFBIZ-9973
File file = FileUtil.normalizeFilePath(imageServerPath + imagePath); // cf. OFBIZ-9973
if (file.exists()) {
request.setAttribute("_ERROR_MESSAGE_", "There is an existing frame, please select from the existing frame.");
return "error";
Expand Down Expand Up @@ -398,7 +399,7 @@ public static String previewFrameImage(HttpServletRequest request, HttpServletRe
Debug.logError("File :" + file.getName() + ", couldn't be loaded", module);
}
// Image Frame
BufferedImage bufImg1 = ImageIO.read(new File(imageServerPath + "/" + productId + "/" + imageName).toPath().normalize().toFile()); // cf. OFBIZ-9973
BufferedImage bufImg1 = ImageIO.read(FileUtil.normalizeFilePath(imageServerPath + "/" + productId + "/" + imageName)); // cf. OFBIZ-9973
BufferedImage bufImg2 = ImageIO.read(new File(imageServerPath + "/frame/" + frameImageName));

int bufImgType;
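Review bot: `FileUtil.normalizeFilePath(...)` on the new `bufImg1` line (and on the `dir`/`file` lines earlier in this section) only collapses `.` and `..` segments lexically; it does not confine the result to `imageServerPath`, so a `productId` or `imageName` containing `../` still normalizes to a location outside the image directory — the scanner finding is silenced but the traversal itself is not closed. If those values are request-derived (their origin is not visible here), each resolved path should be checked against the base before use, e.g. `Path base = Paths.get(imageServerPath).toAbsolutePath().normalize();` / `Path target = base.resolve(productId).resolve(imageName).normalize();` / `if (!target.startsWith(base)) { request.setAttribute("_ERROR_MESSAGE_", "Invalid image path"); return "error"; }`. The `frameImageName` path on the following line is still built with plain `new File(...)` and gets neither normalization nor such a check. Both `uploadFrame` and `previewFrameImage` begin and end outside the visible hunks.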
Expand Up @@ -40,12 +40,12 @@
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

import java.util.UUID;
import java.util.zip.Deflater;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

import org.apache.commons.io.FileUtils;
import org.apache.ofbiz.base.location.ComponentLocationResolver;

Expand Down Expand Up @@ -488,4 +488,17 @@ public static void unzipFileToFolder(File zipFile, String outputFolder) throws I
zis.closeEntry();
zis.close();
}

/**
* Creates a File with a normalized file path
* This useful to prevent path traversal security issues
* cf. OFBIZ-9973 for more details
*
* @param filePath The file path to normalize
* @return A File with a normalized file path
*/
public static File normalizeFilePath(String filePath) {
return new File(filePath).toPath().normalize().toFile();
}

}
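Review bot: The Javadoc on the new `normalizeFilePath` says it is "useful to prevent path traversal security issues", but `Path.normalize()` is a purely lexical operation: `normalizeFilePath("/var/images/../../etc/passwd")` returns `/etc/passwd` without complaint, so a caller that concatenates an untrusted segment onto a base directory gains no protection from it. At minimum the comment should be reworded to `Lexically normalizes the path (collapses "." and ".." segments). This does NOT confine the result to any base directory; callers handling untrusted input must still check the result against their base.` Better, add a base-aware variant that resolves the untrusted segment against the base and rejects any escape, so the image servlets can call it instead; this needs `java.nio.file.Path` and `java.nio.file.Paths` in scope, which the visible import list (only `java.util` and zip classes, plus commons-io) does not show, and the `import java.util.UUID;` line also appears to have been placed over a former blank line — its final position in the import order is worth a quick check.

```java
    // … unchanged: normalizeFilePath …

    /**
     * Resolves child against baseDir and rejects any result that escapes baseDir.
     * Use this, rather than normalizeFilePath, when child is derived from user input.
     *
     * @param baseDir The directory the result must stay within
     * @param child   The untrusted relative path segment
     * @return A File located inside baseDir
     * @throws IOException if the resolved path is outside baseDir (including when child is absolute)
     */
    public static File resolveWithinBase(String baseDir, String child) throws IOException {
        Path base = Paths.get(baseDir).toAbsolutePath().normalize();
        Path resolved = base.resolve(child).normalize();
        if (!resolved.startsWith(base)) {
            throw new IOException("Path escapes base directory: " + child);
        }
        return resolved.toFile();
    }
```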
