Return-Path: <dev-return-33993-archive-asf-public=cust-asf.ponee.io@drill.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id AA729200D4B
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon, 27 Nov 2017 21:51:15 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id A9003160C13; Mon, 27 Nov 2017 20:51:15 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id E5F9A160BFA
	for <archive-asf-public@cust-asf.ponee.io>; Mon, 27 Nov 2017 21:51:14 +0100 (CET)
Received: (qmail 92551 invoked by uid 500); 27 Nov 2017 20:51:14 -0000
Mailing-List: contact dev-help@drill.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@drill.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@drill.apache.org>
List-Post: <mailto:dev@drill.apache.org>
List-Id: <dev.drill.apache.org>
Reply-To: dev@drill.apache.org
Delivered-To: mailing list dev@drill.apache.org
Received: (qmail 92540 invoked by uid 99); 27 Nov 2017 20:51:13 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Nov 2017 20:51:13 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id E08D6DF9C5; Mon, 27 Nov 2017 20:51:12 +0000 (UTC)
From: parthchandra <git@git.apache.org>
To: dev@drill.apache.org
Reply-To: dev@drill.apache.org
References: <git-pr-1050-drill@git.apache.org>
In-Reply-To: <git-pr-1050-drill@git.apache.org>
Subject: [GitHub] drill pull request #1050: DRILL-5964: Do not allow queries to access paths o...
Content-Type: text/plain
Message-Id: <20171127205112.E08D6DF9C5@git1-us-west.apache.org>
Date: Mon, 27 Nov 2017 20:51:12 +0000 (UTC)
archived-at: Mon, 27 Nov 2017 20:51:15 -0000

Github user parthchandra commented on a diff in the pull request:

    https://github.com/apache/drill/pull/1050#discussion_r152862693
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/FileSelection.java ---
    @@ -359,15 +363,30 @@ private static Path handleWildCard(final String root) {
         }
       }
     
    -  private static String removeLeadingSlash(String path) {
    -    if (path.charAt(0) == '/') {
    +  public static String removeLeadingSlash(String path) {
    +    if (!path.isEmpty() && path.charAt(0) == '/') {
           String newPath = path.substring(1);
           return removeLeadingSlash(newPath);
         } else {
           return path;
         }
       }
     
    +  // Check if the path is a valid sub path under the parent after removing backpaths. Throw an exception if
    +  // it is not
    +  // We pass subpath in as a parameter only for the error message
    +  public static boolean checkBackPaths(String parent, String combinedPath, String subpath) {
    --- End diff --
    
    Done


---