Posted to dev@reef.apache.org by "Gyewon Lee (JIRA)" <ji...@apache.org> on 2018/05/18 07:48:00 UTC

[jira] [Commented] (REEF-2019) Enforce uncompressed files are within the current working directory in EvaluatorShim

    [ https://issues.apache.org/jira/browse/REEF-2019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16480306#comment-16480306 ] 

Gyewon Lee commented on REEF-2019:
----------------------------------

I have created a PR on this issue. (https://github.com/apache/reef/pull/1463)

> Enforce uncompressed files are within the current working directory in EvaluatorShim
> ------------------------------------------------------------------------------------
>
>                 Key: REEF-2019
>                 URL: https://issues.apache.org/jira/browse/REEF-2019
>             Project: REEF
>          Issue Type: Bug
>          Components: REEF-Runtime-AZBatch
>            Reporter: Byung-Gon Chun
>            Assignee: Gyewon Lee
>            Priority: Major
>
> When compressed files are uncompressed, the files can be created outside the current working directory in EvaluatorShim (L295). 
> [https://github.com/apache/reef/blob/561a336f2f0dda8f4a67a96179750a76167b038f/lang/java/reef-runtime-azbatch/src/main/java/org/apache/reef/runtime/azbatch/evaluator/EvaluatorShim.java#L295]
> We will enforce that uncompressed files in EvaluatorShim are within the current working directory. If not, an exception will be raised.
> [~markus.weimer] suggested the following fix.
> // Normalize both paths so that ".." segments in a zip entry name are collapsed
> // before the prefix check; otherwise "<reef>/../x" would still start with "<reef>".
> final Path reefPath = this.reefFileNames.getREEFFolder().toPath().normalize();
> ...
> final Path destination = new File(this.reefFileNames.getREEFFolder(),
>     zipEntry.getName()).toPath().normalize();
> // Path.startsWith compares whole name elements, so "<reef>2/x" is not accepted as being under "<reef>".
> if (!destination.startsWith(reefPath)) {
>   throw new IOException("Trying to unzip a file outside of the destination folder: " + destination);
> }
> Files.copy(inputStream, destination);
> Assigning this issue to [~gyewonlee].



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
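The containment check proposed in the issue, carried through as a stand-alone example. This is added illustration code, not REEF's EvaluatorShim; the destination folder and the zip entry names are constructed placeholders, and the helper name `safeDestination` is an assumption. It also covers the two entry-name shapes a plain prefix test misses: `..` segments (handled by `normalize()`) and absolute names (which `Path.resolve` returns unchanged, so the prefix test rejects them).

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Added example for the REEF-2019 check; not code from the REEF project. */
public final class ZipEntryPathCheck {

  /** Resolves a zip entry name under base and rejects anything that escapes it. */
  static Path safeDestination(final Path base, final String entryName) throws IOException {
    final Path root = base.toAbsolutePath().normalize();
    // resolve() returns an absolute entry name as-is, so it fails the prefix test below.
    // normalize() collapses ".." segments first; without it "<root>/../x" still starts with "<root>".
    final Path destination = root.resolve(entryName).normalize();
    // Path.startsWith compares name elements, so "<root>2/x" is not treated as inside "<root>".
    if (!destination.startsWith(root)) {
      throw new IOException("Trying to unzip a file outside of the destination folder: " + destination);
    }
    return destination;
  }

  public static void main(final String[] args) {
    final Path reefFolder = Paths.get("/tmp/reef-evaluator"); // constructed placeholder
    final String[] entries = {
        "lib/reef-runtime.jar",        // accepted
        "conf/../conf/evaluator.conf", // accepted: normalizes to conf/evaluator.conf
        "../../outside.txt",           // rejected: escapes the folder
        "/tmp/reef-evaluator2/x.jar",  // rejected: sibling folder with a shared string prefix
        "/etc/hosts"                   // rejected: absolute entry name
    };
    for (final String name : entries) {
      try {
        System.out.println("OK   " + safeDestination(reefFolder, name));
      } catch (IOException e) {
        System.out.println("DENY " + e.getMessage());
      }
    }
  }
}
```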