From 26f342099cb11751a8d51fc5e614233f9e3ca3fe Mon Sep 17 00:00:00 2001
From: hunili
Date: Thu, 5 Dec 2024 10:07:10 +0800
Subject: [PATCH] =?UTF-8?q?=E6=A0=A1=E9=AA=8C=E8=B7=AF=E5=BE=84=20?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=A4=B9=E5=90=8D=E7=A7=B0=E6=9C=AB=E5=B0=BE?= =?UTF-8?q?=E5=90=AB=E6=9C=89..=EF=BC=8C=E8=A2=AB=E5=BC=82=E5=B8=B8?= =?UTF-8?q?=E6=8B=A6=E6=88=AA=20issue:=20https://gitee.com/openharmony/fil?= =?UTF-8?q?emanagement=5Fapp=5Ffile=5Fservice/issues/IB96JI=20Signed-off-b?= =?UTF-8?q?y:=20hunili=20?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../backup_utils/b_filesystem/b_dir_test.cpp | 41 +++++++++++++++++++
utils/include/b_resources/b_constants.h | 2 +
utils/src/b_filesystem/b_dir.cpp | 9 +++-
3 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp
index 793168564..0d2da33bb 100644
--- a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp
+++ b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp
@@ -319,6 +319,47 @@ HWTEST_F(BDirTest, b_dir_GetDirs_0100, testing::ext::TestSize.Level1) GTEST_LOG_(INFO) << "BDirTest-end b_dir_GetDirs_0100"; } +/** + * @tc.number: SUB_backup_b_dir_CheckFilePathInvalid_0100 + * @tc.name: b_dir_CheckFilePathInvalid_0100 + * @tc.desc: Test function of CheckFilePathInvalid interface for SUCCESS + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: I6F3GV + */ +HWTEST_F(BDirTest, b_dir_CheckFilePathInvalid_0100, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "BDirTest-begin b_dir_CheckFilePathInvalid_0100"; + try { + TestManager tm("b_dir_CheckFilePathInvalid_0100"); + std::string testPath = "../test../test1"; + std::string testPath1 = "test../../test"; + std::string testPath2 = "test../../"; + std::string testPath3 = "test"; + std::string testPath4 = "/test/test../test"; + std::string testPath5 = "/test../test../test"; + std::string testPath6 = "/test../test../test../"; + bool isForbid = BDir::CheckFilePathInvalid(testPath); + EXPECT_TRUE(isForbid); + bool isForbid1 = BDir::CheckFilePathInvalid(testPath1); + EXPECT_TRUE(isForbid1); + bool isForbid2 = BDir::CheckFilePathInvalid(testPath2); + EXPECT_TRUE(isForbid2); + bool isForbid3 = BDir::CheckFilePathInvalid(testPath3); + EXPECT_FALSE(isForbid3); + bool isForbid4 = BDir::CheckFilePathInvalid(testPath4); + EXPECT_FALSE(isForbid4); + bool isForbid5 = BDir::CheckFilePathInvalid(testPath5); + EXPECT_FALSE(isForbid5); + bool isForbid6 = BDir::CheckFilePathInvalid(testPath6); + EXPECT_FALSE(isForbid6); + } catch (...) { + GTEST_LOG_(INFO) << "BDirTest-an exception occurred."; + } + GTEST_LOG_(INFO) << "BDirTest-end b_dir_CheckFilePathInvalid_0100"; +} + /** * @tc.number: SUB_backup_b_dir_GetFile_0100 * @tc.name: b_dir_GetFile_0100 diff --git a/utils/include/b_resources/b_constants.h b/utils/include/b_resources/b_constants.h index fe7934006..8c23a43ab 100644 --- a/utils/include/b_resources/b_constants.h +++ b/utils/include/b_resources/b_constants.h 
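Review bot: The `catch (...)` at the end of `b_dir_CheckFilePathInvalid_0100` only logs, so if `TestManager` or any of the calls throws before the expectations run, the test still reports success without having checked anything. Record a failure in the handler instead, e.g. `ADD_FAILURE() << "BDirTest-an exception occurred.";`. The cases also stop short of a path whose last component is `..` with no trailing separator (a constructed example is `test/..`); adding one would pin down what the checker is meant to return for it.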
@@ -148,6 +148,8 @@ constexpr int BACKUP_DEFAULT_SA_ID = -1; constexpr int BACKUP_SA_RELOAD_MAX = 2; static inline std::string EXTENSION_BACKUP = "backup"; static inline std::string EXTENSION_RESTORE = "restore"; +// 路径校验 +static inline std::string PATH_ABSOLUTE = "../"; // 多用户场景应用备份数据路径 static inline std::string GetSaBundleBackupDir(int32_t userId) diff --git a/utils/src/b_filesystem/b_dir.cpp b/utils/src/b_filesystem/b_dir.cpp index baac25c55..310127f7b 100644 --- a/utils/src/b_filesystem/b_dir.cpp +++ b/utils/src/b_filesystem/b_dir.cpp @@ -501,8 +501,13 @@ vector BDir::GetDirs(const vector &paths) bool BDir::CheckFilePathInvalid(const std::string &filePath) { - if (filePath.find("../") != std::string::npos) { - return true; + size_t pos = filePath.find(BConstants::PATH_ABSOLUTE); + while (pos != string::npos) { + if (pos == 0 || filePath[pos - 1] == BConstants::FILE_SEPARATOR_CHAR) { + HILOGE("Relative path is not allowed, path = %{public}s", GetAnonyPath(filePath).c_str()); + return true; + } + pos = filePath.find(BConstants::PATH_ABSOLUTE, pos + BConstants::PATH_ABSOLUTE.size()); } return false; } -- Gitee
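Review bot: `PATH_ABSOLUTE` holds `"../"`, which is a parent-directory (relative) component rather than an absolute path, so the name says the opposite of what `BDir::CheckFilePathInvalid` uses it to reject. A name such as `PATH_PARENT_DIR` would match the value, and the comment would be clearer as `// Parent-directory component rejected by path validation`. The string is declared non-const like its neighbours; since it now drives a path check, `static inline const std::string` would keep it from being reassigned at runtime.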
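Review bot: The loop in `CheckFilePathInvalid` only recognises a `..` component that is followed by a separator, so a path whose final component is `..` (a bare `..`, or one ending in a separator plus `..`) is still reported as valid; the removed `find("../")` check had the same gap. If callers rely on this function to keep paths inside a base directory, add a tail check before `return false;`, e.g. `const size_t n = filePath.size();` followed by `if (n >= 2 && filePath.compare(n - 2, 2, "..") == 0 && (n == 2 || filePath[n - 3] == BConstants::FILE_SEPARATOR_CHAR)) { return true; }`. That assumes `FILE_SEPARATOR_CHAR` is `/`, which the hunk does not show. The function also mixes `string::npos` with `std::string` in its signature; one spelling would read better.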