Skip to content

Commit

Permalink
Control data used in path expression when running remote-dev
Browse files Browse the repository at this point in the history 
(cherry picked from commit 8fe16d4)
  • Loading branch information
@gastaldi @gsmet
gastaldi authored and gsmet committed Jun 4, 2024
1 parent 47a25a3 commit 5d7e3e6
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions core/deployment/src/main/java/io/quarkus/deployment/dev/IsolatedRemoteDevModeMain.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -253,14 +253,19 @@ private Closeable doConnect() {
@Override
public Map<String, byte[]> apply(Set<String> fileNames) {
Map<String, byte[]> ret = new HashMap<>();
for (String i : fileNames) {
for (String filename : fileNames) {
try {
Path resolvedPath = appRoot.resolve(i);
Path resolvedPath = appRoot.resolve(filename);
// Ensure that path stays inside appRoot
if (!resolvedPath.startsWith(appRoot)) {
log.errorf("Attempted to access %s outside of %s", resolvedPath, appRoot);
continue;
}
if (!Files.isDirectory(resolvedPath)) {
ret.put(i, Files.readAllBytes(resolvedPath));
ret.put(filename, Files.readAllBytes(resolvedPath));
}
} catch (IOException e) {
log.error("Failed to read file " + i, e);
log.error("Failed to read file " + filename, e);
}
}
return ret;
Expand Down

0 comments on commit 5d7e3e6

Please sign in to comment.