[HOTFIX] Prevent path directory traversal attack for deploy

2020-06-14 15:54:56 +02:00 · 2020-06-14 15:54:56 +02:00 · 15616e05f3
parent 76550be9e7
commit 15616e05f3
1 changed files with 9 additions and 3 deletions
--- a/prototype/src/main/java/org/hso/ecommerce/controller/shop/ShopArticleController.java
+++ b/prototype/src/main/java/org/hso/ecommerce/controller/shop/ShopArticleController.java
@ -16,6 +16,7 @@ import org.springframework.web.bind.annotation.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@ -102,9 +103,14 @@ public class ShopArticleController {
        Article article = articleRepository.findArticleById(id);
        
        if(article.image != null) {
-        	InputStream in = new FileInputStream(article.image.path);
-            response.setContentType(MediaType.IMAGE_JPEG_VALUE);
-            IOUtils.copy(in, response.getOutputStream());
+            File file = new File(article.image.path);
+            if (file.getCanonicalPath().startsWith("./data/img/")) {
+                InputStream in = new FileInputStream(file);
+                response.setContentType(MediaType.IMAGE_JPEG_VALUE);
+                IOUtils.copy(in, response.getOutputStream());
+            } else {
+                throw new RuntimeException("Got illegal file path. DB was modified.");
+            }
        }        
    }
 }