reef-dev mailing list archives

From "Byung-Gon Chun (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (REEF-2019) Enforce uncompressed files are within the current working directory in EvaluatorShim
Date Fri, 18 May 2018 06:27:00 GMT

     [ https://issues.apache.org/jira/browse/REEF-2019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Byung-Gon Chun reassigned REEF-2019:
------------------------------------

    Assignee: Gyewon Lee

> Enforce uncompressed files are within the current working directory in EvaluatorShim
> ------------------------------------------------------------------------------------
>
>                 Key: REEF-2019
>                 URL: https://issues.apache.org/jira/browse/REEF-2019
>             Project: REEF
>          Issue Type: Bug
>          Components: REEF-Runtime-AZBatch
>            Reporter: Byung-Gon Chun
>            Assignee: Gyewon Lee
>            Priority: Major
>
> When compressed files are uncompressed, the files can be created outside the current working directory in EvaluatorShim (L295).
> [https://github.com/apache/reef/blob/561a336f2f0dda8f4a67a96179750a76167b038f/lang/java/reef-runtime-azbatch/src/main/java/org/apache/reef/runtime/azbatch/evaluator/EvaluatorShim.java#L295]
> We will enforce that uncompressed files in EvaluatorShim are within the current working directory. If not, an exception will be raised.
> [~markus.weimer] suggested the following fix.
> // normalize() collapses ".." elements; Path.startsWith() compares elements literally
> final Path reefPath = this.reefFileNames.getREEFFolder().toPath().normalize();
> ...
> final Path destination = new File(this.reefFileNames.getREEFFolder(),
>     zipEntry.getName()).toPath().normalize();
> // Reject any entry whose resolved path leaves the REEF folder
> if (!destination.startsWith(reefPath)) {
>   throw new IOException("Trying to unzip a file outside of the destination folder: " + destination);
> }
> Files.copy(inputStream, destination);
> Assigning this issue to [~gyewonlee].



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
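
The containment check described in the issue, as an added example that is not REEF's code and not part of the original message. The class and method names (`SafeUnzipExample`, `resolveInside`, `unzip`) and the in-memory sample archive are constructed for illustration. Both paths are normalized before `startsWith`, because `Path.startsWith` compares name elements and does not collapse `..` on its own.

```java
import java.io.*;
import java.nio.file.*;
import java.util.zip.*;

public class SafeUnzipExample {
  // Hypothetical helper: resolve an entry name under root and fail if the normalized result leaves root.
  static Path resolveInside(final Path root, final String entryName) throws IOException {
    final Path base = root.toAbsolutePath().normalize();
    final Path destination = base.resolve(entryName).normalize();
    if (!destination.startsWith(base)) {
      throw new IOException("Trying to unzip a file outside of the destination folder: " + entryName);
    }
    return destination;
  }

  static void unzip(final InputStream in, final Path root) throws IOException {
    try (ZipInputStream zip = new ZipInputStream(in)) {
      for (ZipEntry e; (e = zip.getNextEntry()) != null; ) {
        final Path destination = resolveInside(root, e.getName()); // check before any write
        if (e.isDirectory()) {
          Files.createDirectories(destination);
        } else {
          Files.createDirectories(destination.getParent());
          Files.copy(zip, destination, StandardCopyOption.REPLACE_EXISTING);
        }
      }
    }
  }

  public static void main(final String[] args) throws IOException {
    // Constructed sample archive: one ordinary entry, one whose name climbs out of the root.
    final ByteArrayOutputStream buf = new ByteArrayOutputStream();
    try (ZipOutputStream out = new ZipOutputStream(buf)) {
      for (String name : new String[] {"local/ok.txt", "../escape.txt"}) {
        out.putNextEntry(new ZipEntry(name));
        out.write("sample".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        out.closeEntry();
      }
    }
    final Path root = Files.createTempDirectory("reef-unzip-example");
    // Without normalize(), startsWith() sees root/../escape.txt as "inside" root.
    System.out.println("unnormalized check passes: " + root.resolve("../escape.txt").startsWith(root));
    try {
      unzip(new ByteArrayInputStream(buf.toByteArray()), root);
    } catch (IOException expected) {
      System.out.println("rejected: " + expected.getMessage());
    }
    System.out.println("ok.txt extracted: " + Files.exists(root.resolve("local/ok.txt")));
  }
}
```

Entries before the offending one are already on disk when the exception is raised, so a caller that needs all-or-nothing extraction should unpack into a scratch directory and move it into place only on success.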
