punch thru symlinks when loading plugins/modules

this ensures the codebase URL matches the permission grant (see matching toRealPath in Security.java)
in the case of symlinks or other shenanigans.

this is best effort, if we really want to support symlinks in any way, we need
e.g. qa or vagrant tests that configure a bunch of symlinks for things and ensure that in jenkins.
this should be easier to do with gradle, as we can just create a symlink'd home if we want
This commit is contained in:
Robert Muir 2015-12-08 08:04:11 -05:00
parent 0809e4a65f
commit a6ba351fb2
1 changed files with 4 additions and 2 deletions

View File

@ -316,7 +316,8 @@ public class PluginsService extends AbstractComponent {
// gather urls for jar files // gather urls for jar files
try (DirectoryStream<Path> jarStream = Files.newDirectoryStream(module, "*.jar")) { try (DirectoryStream<Path> jarStream = Files.newDirectoryStream(module, "*.jar")) {
for (Path jar : jarStream) { for (Path jar : jarStream) {
bundle.urls.add(jar.toUri().toURL()); // normalize with toRealPath to get symlinks out of our hair
bundle.urls.add(jar.toRealPath().toUri().toURL());
} }
} }
bundles.add(bundle); bundles.add(bundle);
@ -357,7 +358,8 @@ public class PluginsService extends AbstractComponent {
// a jvm plugin: gather urls for jar files // a jvm plugin: gather urls for jar files
try (DirectoryStream<Path> jarStream = Files.newDirectoryStream(plugin, "*.jar")) { try (DirectoryStream<Path> jarStream = Files.newDirectoryStream(plugin, "*.jar")) {
for (Path jar : jarStream) { for (Path jar : jarStream) {
urls.add(jar.toUri().toURL()); // normalize with toRealPath to get symlinks out of our hair
urls.add(jar.toRealPath().toUri().toURL());
} }
} }
} }