From b0819e0ef5e08c792a4d1724b938714ce9503aa3 Mon Sep 17 00:00:00 2001
From: jixinchi
Date: Wed, 3 Apr 2024 16:57:40 +0800
Subject: [PATCH] more validation for containerName and blobKey to avoid access escape
---
 .../internal/FilesystemBlobKeyValidatorImpl.java | 2 ++
 .../internal/FilesystemContainerNameValidatorImpl.java | 2 ++
 .../strategy/internal/FilesystemStorageStrategyImpl.java | 9 +++++++++
 3 files changed, 13 insertions(+)
diff --git a/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java b/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java
index 25e4fdaa0e..60a5721113 100644
--- a/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java
+++ b/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java
@@ -38,6 +38,8 @@ public class FilesystemBlobKeyValidatorImpl extends FilesystemBlobKeyValidator {
 //blobkey cannot start with / (or \ in Windows) character
 if (name.startsWith("\\") || name.startsWith("/"))
 throw new IllegalArgumentException("Blob key '" + name + "' cannot start with \\ or /");
+ if (name.contains("../"))
+ throw new IllegalArgumentException("Blob key '" + name + "' cannot contains ../");
 }
 }
diff --git a/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java b/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java
index c18835a30f..21e5cf5e29 100644
--- a/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java
+++ b/apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java
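Review bot: The added `name.contains("../")` test in FilesystemBlobKeyValidatorImpl is a substring match, so it does not cover a key that is exactly `..`, a key ending in `/..`, or a `..\` segment on Windows, even though the check just above already treats `\` as a separator. It also rejects keys in which a name merely ends in two dots before a separator, which are not traversal. Comparing whole path segments, as sketched below, is more precise; the enclosing `validate` method starts outside the hunk. The new message should read "cannot contain", and a validator test for these cases would keep the rule from regressing.

```java
// … unchanged: null/empty check and leading-separator check …
// reject any whole path segment equal to "..", with either separator
for (String segment : name.split("[/\\\\]")) {
   if (segment.equals(".."))
      throw new IllegalArgumentException("Blob key '" + name + "' cannot contain a .. path segment");
}
```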
@@ -38,6 +38,8 @@ public class FilesystemContainerNameValidatorImpl extends FilesystemContainerNam
 //container name cannot contains / (or \ in Windows) character
 if (name.contains("\\") || name.contains("/"))
 throw new IllegalArgumentException("Container name '" + name + "' cannot contain \\ or /");
+ if (name.equals(".") || name.equals(".."))
+ throw new IllegalArgumentException("Container name cannot be . or ..");
 }
 }
diff --git a/apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java b/apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java
index 660d89cb1d..4d4b69b838 100644
--- a/apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java
+++ b/apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java
@@ -187,6 +187,7 @@ public class FilesystemStorageStrategyImpl implements LocalStorageStrategy {
 @Override
 public ContainerAccess getContainerAccess(String container) {
+ filesystemContainerNameValidator.validate(container);
 File file = new File(buildPathStartingFromBaseDir(container));
 if (!file.exists()) {
 throw new ContainerNotFoundException(container, "in getContainerAccess");
@@ -217,6 +218,7 @@ public class FilesystemStorageStrategyImpl implements LocalStorageStrategy {
 @Override
 public void setContainerAccess(String container, ContainerAccess access) {
+ filesystemContainerNameValidator.validate(container);
 Path path = new File(buildPathStartingFromBaseDir(container)).toPath();
 if ( isWindows() ) {
@@ -310,6 +312,7 @@ public class FilesystemStorageStrategyImpl implements LocalStorageStrategy {
 @Override
 public StorageMetadata getContainerMetadata(String container) {
+ filesystemContainerNameValidator.validate(container);
 MutableStorageMetadata metadata = new MutableStorageMetadataImpl();
 metadata.setName(container);
 metadata.setType(StorageType.CONTAINER);
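Review bot: The new `.` / `..` check in FilesystemContainerNameValidatorImpl carries no comment, while the separator check directly above it does. Because separators are already rejected, these two names appear to be the only relative references left, and saying so helps the next reader see why the rule is complete: `//container name cannot be a relative directory reference (. or ..)`. The enclosing `validate` method starts outside the hunk.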
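Review bot: Validation is added one entry point at a time, here in `getContainerAccess` and in the same way in `setContainerAccess`, `getContainerMetadata`, `getBlob`, `getBlobAccess` and `setBlobAccess`. Any other method of FilesystemStorageStrategyImpl that hands a caller-supplied name to `buildPathStartingFromBaseDir` or `getFileForBlobKey` therefore stays unchecked unless it already validates; those methods are outside the hunks, so this needs confirming. A single containment check where the path is built, comparing `File.getCanonicalPath()` of the result with the canonical base directory, would cover every caller and would also catch symlinked paths that name-based validation cannot see. Each changed method would benefit from a comment such as `// reject names that could resolve outside the base directory; throws IllegalArgumentException before the existence check`. All six method bodies continue past their hunks.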
@@ -378,6 +381,8 @@ public class FilesystemStorageStrategyImpl implements LocalStorageStrategy {
 @Override
 public Blob getBlob(final String container, final String key) {
+ filesystemContainerNameValidator.validate(container);
+ filesystemBlobKeyValidator.validate(key);
 BlobBuilder builder = blobBuilders.get();
 builder.name(key);
 File file = getFileForBlobKey(container, key);
@@ -658,6 +663,8 @@ public class FilesystemStorageStrategyImpl implements LocalStorageStrategy {
 @Override
 public BlobAccess getBlobAccess(String containerName, String blobName) {
+ filesystemContainerNameValidator.validate(containerName);
+ filesystemBlobKeyValidator.validate(blobName);
 if (!new File(buildPathStartingFromBaseDir(containerName)).exists()) {
 throw new ContainerNotFoundException(containerName, "in getBlobAccess");
 }
@@ -691,6 +698,8 @@ public class FilesystemStorageStrategyImpl implements LocalStorageStrategy {
 @Override
 public void setBlobAccess(String container, String name, BlobAccess access) {
+ filesystemContainerNameValidator.validate(container);
+ filesystemBlobKeyValidator.validate(name);
 Path path = new File(buildPathStartingFromBaseDir(container, name)).toPath();
 if ( isWindows() ) {
 try {