Fix issues with Path.toRealPath() #3495
Conversation
![sonatype-lift[bot]](https://avatars.githubusercontent.com/in/9843?s=60&v=4){kind=small}
| } | ||
|
|
||
| @Override | ||
| public List<FilePath> newDirectoryStream() { |
There was a problem hiding this comment.
MixedMutabilityReturnType: This method returns both mutable and immutable collections or maps from different paths. This may be confusing for users of the method.
| public List<FilePath> newDirectoryStream() { | |
| return ImmutableList.copyOf(files.collect(ArrayList::new, (t, u) -> t.add(getPath(u.toString())), ArrayList::addAll)); |
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
@sonatype-lift ignore
There was a problem hiding this comment.
I've recorded this as ignored for this pull request. If you change your mind, just comment @sonatype-lift unignore.
| @Override | ||
| public List<FilePath> newDirectoryStream() { | ||
| try (Stream<Path> files = Files.list(Paths.get(name).toRealPath())) { | ||
| try (Stream<Path> files = Files.list(toRealPath(Paths.get(name)))) { |
There was a problem hiding this comment.
PATH_TRAVERSAL_IN: This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
@sonatype-lift ignore
There was a problem hiding this comment.
I've recorded this as ignored for this pull request. If you change your mind, just comment @sonatype-lift unignore.
| @Override | ||
| public FilePathDisk toRealPath() { | ||
| Path path = Paths.get(name); | ||
| return getPath(toRealPath(Paths.get(name)).toString()); |
There was a problem hiding this comment.
PATH_TRAVERSAL_IN: This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input
(at-me in a reply with help or ignore)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
There was a problem hiding this comment.
@sonatype-lift ignore
There was a problem hiding this comment.
I've recorded this as ignored for this pull request. If you change your mind, just comment @sonatype-lift unignore.
1 participant
toRealPath()is used fornewDirectoryStream()too. Closes FilePathDisk.newDirectoryStream() may fail on remote drive on Windows due to AccessDeniedException in Path.toRealPath() #3486.FileLister.getDatabaseFiles()doesn't calltoRealPath()by itself anymore. It was needed only becauseFilePath.newDirectoryStream()returns real names, buttoRealPath()was called with a fake name. If such file or directory exists with different case of characters on case-insensitive file system a wrong prefix for test was generated. With the new implementationFilePath.getName()is used for filtration. Closes org.h2.tools.DeleteDbFiles won't delete files under certain circumstances #3493.