Skip to content

Commit

Permalink
Add sanity check on attachment filename
Browse files Browse the repository at this point in the history
  • Loading branch information
bhou committed Apr 29, 2024
2 parents e07613b + 4aaecab commit 6e25976
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 3 deletions.
Original file line number Diff line number Diff line change
@@ -1,9 +1,27 @@
/*
*
* Copyright 2020 Netflix, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package com.netflix.genie.web.exceptions.checked;

/**
* Exception thrown when the attachment filename is illegal.
*
* @author bhou
* @since 4.0.0
*/
public class IllegalAttachmentFileNameException extends SaveAttachmentException {
/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ public Set<URI> saveAttachments(

if (filename != null && filename.contains("/")) {
throw new IllegalAttachmentFileNameException("Attachment filename " + filename + " is illegal. "
+ "It should not contain /");
+ "It should not contain the char: /.");
}

if (attachmentSize > this.attachmentServiceProperties.getMaxSize().toBytes()) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -155,8 +155,8 @@ class LocalFileSystemAttachmentServiceImplSpec extends Specification {
}
def "reject attachments with illegal filename"() {
Set<Resource> attachments = Sets.newHashSet()
Resource attachment = Mock(Resource)
Set<Resource> attachments = new HashSet<Resource>()
Resource attachment = Mockito.mock(Resource.class)
Mockito.doReturn("../../../root/breakout.file").when(attachment).getFilename()
attachments.add(attachment)
Expand Down

0 comments on commit 6e25976

Please sign in to comment.