cmhi
/
middleware_agent
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OCT REM: 1. 增加输入路径合法性校验

This commit is contained in:
HuangXin 2025-04-15 10:30:16 +08:00
parent 545ae65db8
commit c763477a31
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/com/cmcc/magent/service/impl/MiddlewareManagerServiceImpl.java
View File

@ -227,7 +227,13 @@ public class MiddlewareManagerServiceImpl implements MiddlewareManagerService {
private MulReturnType<ErrorCode, String> downloadAndValidateFiles(String workDir, List<RemoteFileDetails> configFiles) {
for (RemoteFileDetails file : configFiles) {
try {
String saveName = Paths.get(workDir + File.separator + file.getFileName()).toString();
Path path = Paths.get(workDir + File.separator + file.getFileName());
String saveName = path.normalize().toString();
if (!saveName.startsWith(workDir + File.separator)) {
return new MulReturnType<>(ErrorCode.ERR_INPUTFORMAT, file.fileName);
}
/* Http Download Usage: new FileDownloader(file.getUrl(), saveName).downloadFile(); */
OssService service = ossFactory.getOssService();
service.download(new URL(file.getUrl()), new File(saveName));