diff --git a/frameworks/native/backup_ext/src/ext_extension.cpp b/frameworks/native/backup_ext/src/ext_extension.cpp
index 47a690922cf63ac1c8bf0460126062593197fbcd..cead8c8870b3f577d93a201d38996a81212a09f2 100644
--- a/frameworks/native/backup_ext/src/ext_extension.cpp
+++ b/frameworks/native/backup_ext/src/ext_extension.cpp
@@ -400,7 +400,7 @@ tuple BackupExtExtension::GetIncrementalFileHandle(
 throw BError(BError::Codes::EXT_INVAL_ARG, "Action is invalid");
 }
 VerifyCaller();
- if (BDir::CheckFilePathInvalid(fileName)) {
+ if (!BDir::IsFilePathValid(fileName)) {
 auto proxy = ServiceClient::GetInstance();
 if (proxy == nullptr) {
 throw BError(BError::Codes::EXT_BROKEN_IPC, string("Failed to AGetInstance"));
@@ -967,7 +967,7 @@ int BackupExtExtension::DoIncrementalRestore()
 string tarName = path + item;
 // 当用户指定fullBackupOnly字段或指定版本的恢复,解压目录当前在/backup/restore
- if (BDir::CheckFilePathInvalid(tarName) || BDir::CheckAndRmSoftLink(tarName)) {
+ if (!BDir::IsFilePathValid(tarName) || BDir::CheckAndRmSoftLink(tarName)) {
 HILOGE("Check incre tarfile path : %{public}s err, path is forbidden", GetAnonyPath(tarName).c_str());
 return BError(BError::Codes::EXT_FORBID_BACKUP_RESTORE).GetCode();
 }
@@ -1056,7 +1056,7 @@ void BackupExtExtension::RestoreBigFilesForSpecialCloneCloud(const ExtManageInfo
 }
 const struct stat &sta = item.sta;
 string fileName = item.hashName;
- if (BDir::CheckFilePathInvalid(fileName)) {
+ if (!BDir::IsFilePathValid(fileName)) {
 HILOGE("Check big spec file path : %{public}s err, path is forbidden", GetAnonyPath(fileName).c_str());
 errFileInfos_[fileName].emplace_back(DEFAULT_INVAL_VALUE);
 if (!RemoveFile(fileName)) {
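Review bot: In RestoreBigFilesForSpecialCloneCloud (`@@ -1056`), a `fileName` that has just failed `BDir::IsFilePathValid` is still handed to `RemoveFile(fileName)` a few lines later in the same branch, so the cleanup acts on the very path that was rejected. RemoveFile's body is not visible here, but if it removes whatever the string resolves to, the validation does not cover the delete. Consider recording the error without touching the filesystem for rejected names, with a comment such as `// path failed validation: report it, but never pass it to RemoveFile`. The function body starts and ends outside the hunk.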
@@ -1111,7 +1111,7 @@ ErrCode BackupExtExtension::RestoreTarForSpecialCloneCloud(const ExtManageInfo &
 }
 HILOGI("Start to untar file = %{public}s, untarPath = %{public}s", GetAnonyPath(item.hashName).c_str(), GetAnonyPath(untarPath).c_str());
- if (BDir::CheckFilePathInvalid(tarName)) {
+ if (!BDir::IsFilePathValid(tarName)) {
 HILOGE("Check spec tarfile hash path : %{public}s err, path is forbidden", GetAnonyPath(tarName).c_str());
 return ERR_INVALID_VALUE;
 }
@@ -1119,7 +1119,7 @@ ErrCode BackupExtExtension::RestoreTarForSpecialCloneCloud(const ExtManageInfo &
 HILOGE("File soft links are forbidden");
 return BError(BError::Codes::EXT_FORBID_BACKUP_RESTORE).GetCode();
 }
- if (BDir::CheckFilePathInvalid(untarPath)) {
+ if (!BDir::IsFilePathValid(untarPath)) {
 HILOGE("Check spec tarfile path : %{public}s err, path is forbidden", GetAnonyPath(untarPath).c_str());
 return ERR_INVALID_VALUE;
 }
@@ -1268,11 +1268,8 @@ void BackupExtExtension::RestoreOneBigFile(const std::string &path,
 string fileName = path + itemHashName;
 string filePath = appendTargetPath ? (path + itemFileName) : itemFileName;
- if (BDir::CheckFilePathInvalid(filePath)) {
+ if (!BDir::IsFilePathValid(filePath)) {
 HILOGE("Check big file path : %{public}s err, path is forbidden", GetAnonyPath(filePath).c_str());
- AuditLog auditLog = {false, "Check file path", "ADD", "", 1, "FAILED", "CheckFilePathInvalid",
- "RestoreOneBigFile", GetAnonyPath(filePath)};
- HiAudit::GetInstance(false).Write(auditLog);
 return;
 }
 if (BDir::CheckAndRmSoftLink(fileName)) {
diff --git a/frameworks/native/backup_ext/src/untar_file.cpp b/frameworks/native/backup_ext/src/untar_file.cpp
index 87d6f9454459f932e2be3732eca0a1b1f8052e65..c5eaa133194ce8c88510394b8311338b9d7c3866 100644
--- a/frameworks/native/backup_ext/src/untar_file.cpp
+++ b/frameworks/native/backup_ext/src/untar_file.cpp
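Review bot: The `@@ -1268` hunk in RestoreOneBigFile (ext_extension.cpp) drops the `HiAudit` record for a rejected restore path and leaves only the `HILOGE` line, so a blocked path no longer reaches the audit trail. If the removal was only meant to retire the stale "CheckFilePathInvalid" label, keep the write and rename the field: `AuditLog auditLog = {false, "Check file path", "ADD", "", 1, "FAILED", "IsFilePathValid", "RestoreOneBigFile", GetAnonyPath(filePath)};` followed by `HiAudit::GetInstance(false).Write(auditLog);`. The function starts and ends outside the hunk, so whether another audit point covers this rejection cannot be seen from here.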
@@ -330,7 +330,7 @@ std::tuple UntarFile::ParseIncrementalTarFile(con
 void UntarFile::MatchAregType(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter)
 {
 info.fullPath = GenRealPath(rootPath_, info.fullPath);
- if (BDir::CheckFilePathInvalid(info.fullPath)) {
+ if (!BDir::IsFilePathValid(info.fullPath)) {
 HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str());
 isRightRes = false;
 return;
@@ -342,7 +342,7 @@ void UntarFile::MatchAregType(bool &isRightRes, FileStatInfo &info, ErrFileInfo
 void UntarFile::MatchDirType(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter)
 {
 info.fullPath = GenRealPath(rootPath_, info.fullPath);
- if (BDir::CheckFilePathInvalid(info.fullPath)) {
+ if (!BDir::IsFilePathValid(info.fullPath)) {
 HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str());
 isRightRes = false;
 return;
@@ -354,7 +354,7 @@ void UntarFile::MatchDirType(bool &isRightRes, FileStatInfo &info, ErrFileInfo &
 void UntarFile::MatchGnuTypeLongName(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter)
 {
 auto result = ReadLongName(info);
- if (BDir::CheckFilePathInvalid(info.fullPath) || BDir::CheckFilePathInvalid(info.longName)) {
+ if (!BDir::IsFilePathValid(info.fullPath) || !BDir::IsFilePathValid(info.longName)) {
 HILOGE("Check file path : %{public}s or long name : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str(), GetAnonyPath(info.longName).c_str());
 isRightRes = false;
@@ -428,7 +428,7 @@ bool UntarFile::DealFileTag(ErrFileInfo &errFileInfo,
 return true;
 }
 info.fullPath = GenRealPath(rootPath_, info.fullPath);
- if (BDir::CheckFilePathInvalid(info.fullPath)) {
+ if (!BDir::IsFilePathValid(info.fullPath)) {
 HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str());
 errFileInfo[info.fullPath].emplace_back(DEFAULT_ERR);
 return false;
@@ -453,7 +453,7 @@ std::tuple UntarFile::MatchIncrementalScenario(bool isFi
 break;
 case DIRTYPE:
 info.fullPath = GenRealPath(rootPath_, info.fullPath);
- if (BDir::CheckFilePathInvalid(info.fullPath)) {
+ if (!BDir::IsFilePathValid(info.fullPath)) {
 HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str());
 return {DEFAULT_ERR, true, {{info.fullPath, {DEFAULT_ERR}}}};
 }
@@ -462,7 +462,7 @@ std::tuple UntarFile::MatchIncrementalScenario(bool isFi
 break;
 case GNUTYPE_LONGNAME: {
 auto result = ReadLongName(info);
- if (BDir::CheckFilePathInvalid(info.fullPath)) {
+ if (!BDir::IsFilePathValid(info.fullPath)) {
 HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str());
 return {DEFAULT_ERR, true, {{info.fullPath, {DEFAULT_ERR}}}};
 }
diff --git a/services/backup_sa/include/module_ipc/service.h b/services/backup_sa/include/module_ipc/service.h
index bd5fa812920894e5bb9e07122bca8da08e372973..6ba8e73537016ea1a4ab859eefa1452306c2caf9 100644
--- a/services/backup_sa/include/module_ipc/service.h
+++ b/services/backup_sa/include/module_ipc/service.h
@@ -320,6 +320,8 @@ public:
 void ReportOnBundleStarted(IServiceReverse::Scenario scenario, const std::string &bundleName);
 ErrCode AppIncrementalFileReady(const std::string &bundleName, const std::string &fileName, UniqueFd fd, UniqueFd manifestFd, int32_t errCode);
+ ErrCode SendFileHandle(const std::string &bundleName, const std::string &fileName);
+ ErrCode SendIncrementalFileHandle(const std::string &bundleName, const std::string &fileName);
 public:
 explicit Service(int32_t saID, bool runOnCreate = false) : SystemAbility(saID, runOnCreate) {
diff --git a/services/backup_sa/src/module_ipc/service.cpp b/services/backup_sa/src/module_ipc/service.cpp
index 12f7ce461fadd1ad981587034a9672db7329503d..2c00bcc514da6fe30c9931a30ef51f39baa34453 100644
--- a/services/backup_sa/src/module_ipc/service.cpp
+++ b/services/backup_sa/src/module_ipc/service.cpp
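Review bot: In the `GNUTYPE_LONGNAME` case of UntarFile::MatchIncrementalScenario (untar_file.cpp, `@@ -462`), only `info.fullPath` is validated after `ReadLongName(info)`, while MatchGnuTypeLongName in the `@@ -354` hunk validates both `info.fullPath` and `info.longName`. If ReadLongName fills `info.longName` from the archive, as the sibling function suggests, the incremental path accepts a long name that the full-restore path rejects. Aligning the two would read `if (!BDir::IsFilePathValid(info.fullPath) || !BDir::IsFilePathValid(info.longName)) {`. The case body continues past the hunk, so a later check that is not visible here may already cover this.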
@@ -1089,57 +1089,6 @@ ErrCode Service::LaunchBackupSAExtension(const BundleName &bundleName)
 return BError(BError::Codes::OK);
 }
-ErrCode Service::GetFileHandle(const string &bundleName, const string &fileName)
-{
- HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__);
- try {
- if (session_ == nullptr) {
- HILOGE("GetFileHandle error, session is empty");
- return BError(BError::Codes::SA_INVAL_ARG);
- }
- ErrCode ret = VerifyCaller(IServiceReverse::Scenario::RESTORE);
- if (ret != ERR_OK) {
- HILOGE("verify caller failed, bundleName:%{public}s", bundleName.c_str());
- return ret;
- }
- bool updateRes = SvcRestoreDepsManager::GetInstance().UpdateToRestoreBundleMap(bundleName, fileName);
- if (updateRes) {
- return BError(BError::Codes::OK);
- }
- auto action = session_->GetServiceSchedAction(bundleName);
- if (action == BConstants::ServiceSchedAction::UNKNOWN) {
- HILOGE("action is unknown, bundleName:%{public}s", bundleName.c_str());
- return BError(BError::Codes::SA_INVAL_ARG);
- }
- if (action == BConstants::ServiceSchedAction::RUNNING) {
- auto backUpConnection = session_->GetExtConnection(bundleName);
- if (backUpConnection == nullptr) {
- HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str());
- return BError(BError::Codes::SA_INVAL_ARG);
- }
- auto proxy = backUpConnection->GetBackupExtProxy();
- if (!proxy) {
- HILOGE("GetFileHandle error, Extension backup Proxy is empty");
- return BError(BError::Codes::SA_INVAL_ARG);
- }
- int32_t errCode = 0;
- UniqueFd fd = proxy->GetFileHandle(fileName, errCode);
- if (errCode != ERR_OK) {
- AppRadar::Info info(bundleName, "", "");
- AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetFileHandle", GetUserIdDefault(),
- BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, errCode);
- }
- session_->GetServiceReverseProxy()->RestoreOnFileReady(bundleName, fileName, move(fd), errCode);
- FileReadyRadarReport(bundleName, fileName, errCode, IServiceReverse::Scenario::RESTORE);
- } else {
- session_->SetExtFileNameRequest(bundleName, fileName);
- }
- return BError(BError::Codes::OK);
- } catch (const BError &e) {
- return e.GetCode();
- }
-}
-
 void Service::ExtStart(const string &bundleName)
 {
 HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__);
diff --git a/services/backup_sa/src/module_ipc/service_incremental.cpp b/services/backup_sa/src/module_ipc/service_incremental.cpp
index 3e8e487163ee6877ff53988247ffe149ee849585..fd596c6f8e2e0de7e3bc937b6fefdadadcfe6f85 100644
--- a/services/backup_sa/src/module_ipc/service_incremental.cpp
+++ b/services/backup_sa/src/module_ipc/service_incremental.cpp
@@ -35,6 +35,7 @@
 #include "b_anony/b_anony.h"
 #include "b_error/b_error.h"
 #include "b_error/b_excep_utils.h"
+#include "b_filesystem/b_dir.h"
 #include "b_hiaudit/hi_audit.h"
 #include "b_json/b_json_cached_entity.h"
 #include "b_json/b_json_entity_caps.h"
@@ -704,30 +705,20 @@ ErrCode Service::GetIncrementalFileHandle(const std::string &bundleName, const s
 GetAnonyPath(fileName).c_str());
 return ret;
 }
+ if (!BDir::IsFilePathValid(fileName)) {
+ HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileName).c_str());
+ return BError(BError::Codes::SA_INVAL_ARG);
+ }
 auto action = session_->GetServiceSchedAction(bundleName);
 if (action == BConstants::ServiceSchedAction::UNKNOWN) {
 HILOGE("action is unknown, bundleName:%{public}s", bundleName.c_str());
 return BError(BError::Codes::SA_INVAL_ARG);
 }
 if (action == BConstants::ServiceSchedAction::RUNNING) {
- auto backUpConnection = session_->GetExtConnection(bundleName);
- if (backUpConnection == nullptr) {
- HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str());
- return BError(BError::Codes::SA_INVAL_ARG);
- }
- auto proxy = backUpConnection->GetBackupExtProxy();
- if (!proxy) {
- HILOGE("GetIncrementalFileHandle failed, bundleName:%{public}s", bundleName.c_str());
- return BError(BError::Codes::SA_INVAL_ARG);
- }
- auto[errCode, fd, reportFd] = proxy->GetIncrementalFileHandle(fileName);
- auto err = AppIncrementalFileReady(bundleName, fileName, move(fd), move(reportFd), errCode);
+ auto err = SendIncrementalFileHandle(bundleName, fileName);
 if (err != ERR_OK) {
- HILOGE("Failed to send file handle, bundleName:%{public}s, fileName:%{public}s",
- bundleName.c_str(), GetAnonyPath(fileName).c_str());
- AppRadar::Info info (bundleName, "", "");
- AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetIncrementalFileHandle",
- GetUserIdDefault(), BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, err);
+ HILOGE("SendIncrementalFileHandle failed, bundle:%{public}s", bundleName.c_str());
+ return err;
 }
 } else {
 SvcRestoreDepsManager::GetInstance().UpdateToRestoreBundleMap(bundleName, fileName);
@@ -740,6 +731,30 @@ ErrCode Service::GetIncrementalFileHandle(const std::string &bundleName, const s
 }
 }
+ErrCode Service::SendIncrementalFileHandle(const std::string &bundleName, const std::string &fileName)
+{
+ auto backUpConnection = session_->GetExtConnection(bundleName);
+ if (backUpConnection == nullptr) {
+ HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str());
+ return BError(BError::Codes::SA_INVAL_ARG);
+ }
+ auto proxy = backUpConnection->GetBackupExtProxy();
+ if (!proxy) {
+ HILOGE("GetIncrementalFileHandle failed, bundleName:%{public}s", bundleName.c_str());
+ return BError(BError::Codes::SA_INVAL_ARG);
+ }
+ auto[errCode, fd, reportFd] = proxy->GetIncrementalFileHandle(fileName);
+ auto err = AppIncrementalFileReady(bundleName, fileName, move(fd), move(reportFd), errCode);
+ if (err != ERR_OK) {
+ HILOGE("Failed to send file handle, bundleName:%{public}s, fileName:%{public}s",
+ bundleName.c_str(), GetAnonyPath(fileName).c_str());
+ AppRadar::Info info (bundleName, "", "");
+ AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetIncrementalFileHandle",
+ GetUserIdDefault(), BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, err);
+ }
+ return BError(BError::Codes::OK);
+}
+
 bool Service::IncrementalBackup(const string &bundleName)
 {
 HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__);
diff --git a/services/backup_sa/src/module_ipc/sub_service.cpp b/services/backup_sa/src/module_ipc/sub_service.cpp
index fcbfc1ad15ed6322025108f5687e9266349dc7a0..99b728768e450d565512686100a7532b04e986df 100644
--- a/services/backup_sa/src/module_ipc/sub_service.cpp
+++ b/services/backup_sa/src/module_ipc/sub_service.cpp
@@ -37,6 +37,7 @@
 #include "b_anony/b_anony.h"
 #include "b_error/b_error.h"
 #include "b_error/b_excep_utils.h"
+#include "b_filesystem/b_dir.h"
 #include "b_file_info.h"
 #include "b_hiaudit/hi_audit.h"
 #include "b_json/b_json_cached_entity.h"
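Review bot: Service::SendIncrementalFileHandle (service_incremental.cpp, `@@ -740`) returns `BError(BError::Codes::OK)` even when `AppIncrementalFileReady` fails, so the new `if (err != ERR_OK)` branch in GetIncrementalFileHandle only fires for a missing connection or proxy. SendFileHandle in sub_service.cpp has the same shape: a non-OK `errCode` from `proxy->GetFileHandle` is recorded through AppRadar and OK is still returned. If that keeps the earlier behaviour on purpose, state it above each helper, e.g. `// Delivery errors are reported via AppRadar only; the return value covers connection/proxy lookup.`; otherwise finish the failure branch with `return err;`. Both helpers are declared in a public section of service.h and dereference `session_` without the null check that GetFileHandle performs before calling, so a guard or a move to private would be safer.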
@@ -210,6 +211,71 @@ ErrCode Service::Finish()
 }
 }
+ErrCode Service::GetFileHandle(const string &bundleName, const string &fileName)
+{
+ HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__);
+ try {
+ if (session_ == nullptr) {
+ HILOGE("GetFileHandle error, session is empty");
+ return BError(BError::Codes::SA_INVAL_ARG);
+ }
+ ErrCode ret = VerifyCaller(IServiceReverse::Scenario::RESTORE);
+ if (ret != ERR_OK) {
+ HILOGE("verify caller failed, bundleName:%{public}s", bundleName.c_str());
+ return ret;
+ }
+ if (!BDir::IsFilePathValid(fileName)) {
+ HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileName).c_str());
+ return BError(BError::Codes::SA_INVAL_ARG);
+ }
+ bool updateRes = SvcRestoreDepsManager::GetInstance().UpdateToRestoreBundleMap(bundleName, fileName);
+ if (updateRes) {
+ return BError(BError::Codes::OK);
+ }
+ auto action = session_->GetServiceSchedAction(bundleName);
+ if (action == BConstants::ServiceSchedAction::UNKNOWN) {
+ HILOGE("action is unknown, bundleName:%{public}s", bundleName.c_str());
+ return BError(BError::Codes::SA_INVAL_ARG);
+ }
+ if (action == BConstants::ServiceSchedAction::RUNNING) {
+ auto err = SendFileHandle(bundleName, fileName);
+ if (err != ERR_OK) {
+ HILOGE("SendFileHandle failed, bundle:%{public}s", bundleName.c_str());
+ return err;
+ }
+ } else {
+ session_->SetExtFileNameRequest(bundleName, fileName);
+ }
+ return BError(BError::Codes::OK);
+ } catch (const BError &e) {
+ return e.GetCode();
+ }
+}
+
+ErrCode Service::SendFileHandle(const std::string &bundleName, const std::string &fileName)
+{
+ auto backUpConnection = session_->GetExtConnection(bundleName);
+ if (backUpConnection == nullptr) {
+ HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str());
+ return BError(BError::Codes::SA_INVAL_ARG);
+ }
+ auto proxy = backUpConnection->GetBackupExtProxy();
+ if (!proxy) {
+ HILOGE("GetFileHandle failed, bundleName:%{public}s", bundleName.c_str());
+ return BError(BError::Codes::SA_INVAL_ARG);
+ }
+ int32_t errCode = 0;
+ UniqueFd fd = proxy->GetFileHandle(fileName, errCode);
+ if (errCode != ERR_OK) {
+ AppRadar::Info info(bundleName, "", "");
+ AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetFileHandle", GetUserIdDefault(),
+ BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, errCode);
+ }
+ session_->GetServiceReverseProxy()->RestoreOnFileReady(bundleName, fileName, move(fd), errCode);
+ FileReadyRadarReport(bundleName, fileName, errCode, IServiceReverse::Scenario::RESTORE);
+ return BError(BError::Codes::OK);
+}
+
 ErrCode Service::PublishFile(const BFileInfo &fileInfo)
 {
 HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__);
diff --git a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp
index 6cd5d7f4f84a45329a61c2857bda2b2c44120286..582bf86d49e0adf07bcbd479fda7e0af72d1fcaf 100644
--- a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp
+++ b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp
@@ -320,44 +320,46 @@ HWTEST_F(BDirTest, b_dir_GetDirs_0100, testing::ext::TestSize.Level1)
 }
 /**
- * @tc.number: SUB_backup_b_dir_CheckFilePathInvalid_0100
- * @tc.name: b_dir_CheckFilePathInvalid_0100
- * @tc.desc: Test function of CheckFilePathInvalid interface for SUCCESS
+ * @tc.number: SUB_backup_b_dir_IsFilePathValid_0100
+ * @tc.name: b_dir_IsFilePathValid_0100
+ * @tc.desc: Test function of IsFilePathValid interface for SUCCESS
 * @tc.size: MEDIUM
 * @tc.type: FUNC
 * @tc.level Level 1
 * @tc.require: I6F3GV
 */
-HWTEST_F(BDirTest, b_dir_CheckFilePathInvalid_0100, testing::ext::TestSize.Level1)
+HWTEST_F(BDirTest, b_dir_IsFilePathValid_0100, testing::ext::TestSize.Level1)
 {
- GTEST_LOG_(INFO) << "BDirTest-begin b_dir_CheckFilePathInvalid_0100";
+ GTEST_LOG_(INFO) << "BDirTest-begin b_dir_IsFilePathValid_0100";
 try {
- TestManager tm("b_dir_CheckFilePathInvalid_0100");
- std::string testPath = "../test../test1";
- std::string testPath1 = "test../../test";
- std::string testPath2 = "test../../";
- std::string testPath3 = "test";
- std::string testPath4 = "/test/test../test";
- std::string testPath5 = "/test../test../test";
- std::string testPath6 = "/test../test../test../";
- bool isForbid = BDir::CheckFilePathInvalid(testPath);
- EXPECT_TRUE(isForbid);
- bool isForbid1 = BDir::CheckFilePathInvalid(testPath1);
- EXPECT_TRUE(isForbid1);
- bool isForbid2 = BDir::CheckFilePathInvalid(testPath2);
- EXPECT_TRUE(isForbid2);
- bool isForbid3 = BDir::CheckFilePathInvalid(testPath3);
- EXPECT_FALSE(isForbid3);
- bool isForbid4 = BDir::CheckFilePathInvalid(testPath4);
- EXPECT_FALSE(isForbid4);
- bool isForbid5 = BDir::CheckFilePathInvalid(testPath5);
- EXPECT_FALSE(isForbid5);
- bool isForbid6 = BDir::CheckFilePathInvalid(testPath6);
- EXPECT_FALSE(isForbid6);
+ TestManager tm("b_dir_IsFilePathValid_0100");
+ bool result = BDir::IsFilePathValid("../test../test1");
+ EXPECT_FALSE(result);
+ result = BDir::IsFilePathValid("/../test../test1");
+ EXPECT_FALSE(result);
+ result = BDir::IsFilePathValid("test../../test");
+ EXPECT_FALSE(result);
+ result = BDir::IsFilePathValid("test../../");
+ EXPECT_FALSE(result);
+ result = BDir::IsFilePathValid("test../test../..");
+ EXPECT_FALSE(result);
+ result = BDir::IsFilePathValid("/test/..test/..");
+ EXPECT_FALSE(result);
+
+ result = BDir::IsFilePathValid("test");
+ EXPECT_TRUE(result);
+ result = BDir::IsFilePathValid("/test/test../test");
+ EXPECT_TRUE(result);
+ result = BDir::IsFilePathValid("/test../test../test");
+ EXPECT_TRUE(result);
+ result = BDir::IsFilePathValid("/test../test../test../");
+ EXPECT_TRUE(result);
+ result = BDir::IsFilePathValid("/test../test../test../..test");
+ EXPECT_TRUE(result);
 } catch (...) {
 GTEST_LOG_(INFO) << "BDirTest-an exception occurred.";
 }
- GTEST_LOG_(INFO) << "BDirTest-end b_dir_CheckFilePathInvalid_0100";
+ GTEST_LOG_(INFO) << "BDirTest-end b_dir_IsFilePathValid_0100";
 }
 /**
diff --git a/utils/include/b_filesystem/b_dir.h b/utils/include/b_filesystem/b_dir.h
index d17452d5bd507443b0814e3be1d4090770157c97..3220a88fa935dc03b63ad8b6516fe0bb2ee9546a 100644
--- a/utils/include/b_filesystem/b_dir.h
+++ b/utils/include/b_filesystem/b_dir.h
@@ -91,7 +91,7 @@ public:
 * @param filePath 待核实的路径
 * @return 是否是异常无效路径
 */
- static bool CheckFilePathInvalid(const std::string &filePath);
+ static bool IsFilePathValid(const std::string &filePath);
 /**
 * @brief 核实文件是否存在软链接并删除
diff --git a/utils/src/b_filesystem/b_dir.cpp b/utils/src/b_filesystem/b_dir.cpp
index 9b8f03dacd0384701acddbe30ad1ca03512a6623..2845338e4d6086644a0961141591cab2e3846212 100644
--- a/utils/src/b_filesystem/b_dir.cpp
+++ b/utils/src/b_filesystem/b_dir.cpp
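Review bot: The doc comment kept above `IsFilePathValid` in b_dir.h (`@@ -91`) still carries the old `@return` text, which describes the result as "whether the path is an abnormal, invalid path", while the renamed function now returns true for an accepted path. A caller reading the header would get the polarity backwards on a security check. Update it to `@return true if the path is accepted, false if it is rejected`; the `@brief` line sits outside the hunk and probably needs the same revision.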
@@ -41,6 +41,9 @@ const int32_t PATH_MAX_LEN = 4096;
 const size_t TOP_ELE = 0;
 const std::string APP_DATA_DIR = BConstants::PATH_PUBLIC_HOME + BConstants::PATH_APP_DATA + BConstants::FILE_SEPARATOR_CHAR;
+const std::string PATH_INVALID_FLAG1 = "../";
+const std::string PATH_INVALID_FLAG2 = "/..";
+const uint32_t PATH_INVALID_FLAG_LEN = 3;
 static bool IsEmptyDirectory(const string &path)
 {
@@ -511,17 +514,24 @@ vector BDir::GetDirs(const vector &paths)
 return dirs;
 }
-bool BDir::CheckFilePathInvalid(const std::string &filePath)
+bool BDir::IsFilePathValid(const std::string &filePath)
 {
- size_t pos = filePath.find(BConstants::PATH_ABSOLUTE);
+ size_t pos = filePath.find(PATH_INVALID_FLAG1);
 while (pos != string::npos) {
 if (pos == 0 || filePath[pos - 1] == BConstants::FILE_SEPARATOR_CHAR) {
- HILOGE("Relative path is not allowed, path = %{public}s", GetAnonyPath(filePath).c_str());
- return true;
+ HILOGE("Relative path is not allowed, path contain ../, path = %{private}s",
+ GetAnonyString(filePath).c_str());
+ return false;
 }
- pos = filePath.find(BConstants::PATH_ABSOLUTE, pos + BConstants::PATH_ABSOLUTE.size());
+ pos = filePath.find(PATH_INVALID_FLAG1, pos + PATH_INVALID_FLAG_LEN);
 }
- return false;
+ pos = filePath.rfind(PATH_INVALID_FLAG2);
+ if ((pos != string::npos) && (filePath.size() - pos == PATH_INVALID_FLAG_LEN)) {
+ HILOGE("Relative path is not allowed, path tail is /.., path = %{private}s",
+ GetAnonyString(filePath).c_str());
+ return false;
+ }
+ return true;
 }
 bool BDir::CheckAndRmSoftLink(const std::string &filePath)
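Review bot: `BDir::IsFilePathValid` (`@@ -511`) accepts a path that is exactly `..`, because `find(PATH_INVALID_FLAG1)` and `rfind(PATH_INVALID_FLAG2)` both return npos for it and the function falls through to `return true`. The service-side checks added in this commit validate the caller-supplied `fileName` before any directory is prepended, so that value would pass there. Add an explicit guard at the top, `if (filePath == "..") { return false; }`, and a matching `EXPECT_FALSE(BDir::IsFilePathValid(".."));` in b_dir_test.cpp, which currently has no such case. `PATH_INVALID_FLAG_LEN` is also a hand-maintained 3 shared by two different literals; using `PATH_INVALID_FLAG1.size()` and `PATH_INVALID_FLAG2.size()` would keep the skip and tail arithmetic tied to the strings.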