Package com.inductiveautomation.ignition.client.launch.util

Class SecurePathUtils

java.lang.Object
com.inductiveautomation.ignition.client.launch.util.SecurePathUtils
public final class SecurePathUtils extends Object

  • Method Details

    • resolvePath

      public static Path resolvePath(Path baseDirPath, Path userPath)
      Resolves an untrusted user-specified path against the API's base directory. Paths that try to escape the base directory are rejected.

      Credit to: https://stackoverflow.com/questions/33083397/filtering-upwards-path-traversal-in-java-or-scala

      Parameters:
      baseDirPath - the absolute path of the base directory that all user-specified paths should be within
      userPath - the untrusted path provided by the API user, expected to be relative to baseDirPath
      Returns:
      the resolved path
      Throws:
      IllegalArgumentException - if baseDirPath is not absolute, userPath is absolute, or if userPath tries to escape baseDirPath

    • resolvePath

      public static Path resolvePath(Path baseDirPath, String first, String... more)
      Resolves an untrusted user-specified path against the API's base directory. Paths that try to escape the base directory are rejected. The userPath is built from the parts given by first, ..., more arguments using the baseDirPath's FileSystem.
      Parameters:
      baseDirPath - the absolute path of the base directory that all user-specified paths should be within
      first - the path string or initial part of the path string
      more - additional strings to be joined to form the path string
      Returns:
      the resolved path
      Throws:
      IllegalArgumentException - if baseDirPath is not absolute, or if the first,...,more path parts forms a userPath that is absolute or tries to escape baseDirPath
      See Also: