reef-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (REEF-2019) Enforce uncompressed files are within the current working directory in EvaluatorShim
Date Sun, 03 Jun 2018 08:12:00 GMT

    [ https://issues.apache.org/jira/browse/REEF-2019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16499331#comment-16499331
] 

ASF GitHub Bot commented on REEF-2019:
--------------------------------------

bgchun commented on issue #1463: [REEF-2019] Enforce uncompressed files are within the current
directory
URL: https://github.com/apache/reef/pull/1463#issuecomment-394145189
 
 
   @markusweimer Can you also take a look?
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Enforce uncompressed files are within the current working directory in EvaluatorShim
> ------------------------------------------------------------------------------------
>
>                 Key: REEF-2019
>                 URL: https://issues.apache.org/jira/browse/REEF-2019
>             Project: REEF
>          Issue Type: Bug
>          Components: REEF-Runtime-AZBatch
>            Reporter: Byung-Gon Chun
>            Assignee: Gyewon Lee
>            Priority: Major
>
> When compressed files are uncompressed, the files can be created outside the current
working directory in EvaluatorShim (L295). 
> [https://github.com/apache/reef/blob/561a336f2f0dda8f4a67a96179750a76167b038f/lang/java/reef-runtime-azbatch/src/main/java/org/apache/reef/runtime/azbatch/evaluator/EvaluatorShim.java#L295
> ]
> We will enforce that uncompressed files in EvaluatorShim are within the current working
directory. If not, an exception will be raised.
> [~markus.weimer] suggested the following fix.
> final Path reefPath = this.reefFileNames.getREEFFolder().toPath();
> ...
> final Path destination = new File(this.reefFileNames.getREEFFolder(),
> zipEntry.getName()).toPath();
> if(!destination.startsWith(reefPath)){
>   throw new IOException("Trying to unzip a file outside of the
> destination folder: " + destination);
> }
> Files.copy(inputStream, destination);
> Assigning this issue to [~gyewonlee].



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message