honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Validate filename both before and after resolving the path (elastic/x-pack-elasticsearch#1775) 

This change ensures we fail early with validation before we even attempt to resolve a path as the
path resolution can fail with invalid characters on some operating systems.

relates elastic/x-pack-elasticsearch#1757

Original commit: elastic/x-pack-elasticsearch@3a4243b6d6
This commit is contained in:
Jay Modi 2017-06-19 14:09:48 -06:00 committed by GitHub
parent b07a903afa
commit 3854e0aee7
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
plugin/src/main/java/org/elasticsearch/xpack/ssl/CertificateTool.java
View File

@ -617,7 +617,8 @@ public class CertificateTool extends EnvironmentAwareCommand {
}
static boolean isValidFilename(String name) {
return ALLOWED_FILENAME_CHAR_PATTERN.matcher(resolvePath(name).toString()).matches()
return ALLOWED_FILENAME_CHAR_PATTERN.matcher(name).matches()
&& ALLOWED_FILENAME_CHAR_PATTERN.matcher(resolvePath(name).toString()).matches()
&& name.startsWith(".") == false;
}
}