diff --git a/interfaces/common/src/sandbox_helper.cpp b/interfaces/common/src/sandbox_helper.cpp index d0a2e6f5522db8d3542a2f97515ff3d0f1e51720..221df95e1d6c64c1d33981f14fde4c7168642f1f 100644 --- a/interfaces/common/src/sandbox_helper.cpp +++ b/interfaces/common/src/sandbox_helper.cpp @@ -518,6 +518,10 @@ int32_t SandboxHelper::GetBackupPhysicalPath(const std::string &fileUri, const s bool SandboxHelper::IsValidPath(const std::string &filePath) { + if (std::any_of(filePath.begin(), filePath.end(), [](char c) { return c == '\0'; })) { + LOGE("Relative path is not allowed, path contains a truncation character"); + return false; + } size_t pos = filePath.find(PATH_INVALID_FLAG1); while (pos != string::npos) { if (pos == 0 || filePath[pos - 1] == BACKSLASH) { diff --git a/test/unittest/file_share_native/file_share_test.cpp b/test/unittest/file_share_native/file_share_test.cpp index 8b05e4b545de21a893c573963beb57854dae60ba..e5d3990e88ca679325deee6aaa6c350509fe5310 100644 --- a/test/unittest/file_share_native/file_share_test.cpp +++ b/test/unittest/file_share_native/file_share_test.cpp @@ -581,6 +581,35 @@ HWTEST_F(FileShareTest, File_share_IsValidPath_0002, testing::ext::TestSize.Leve GTEST_LOG_(INFO) << "FileShareTest-end File_share_IsValidPath_0002"; } +/** + * @tc.name: File_share_IsValidPath_0003 + * @tc.desc: Test function of CheckValidPath() interface for FAILURE. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: I7PDZL + */ +HWTEST_F(FileShareTest, File_share_IsValidPath_0003, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FileShareTest-begin File_share_IsValidPath_0003"; + bool result = SandboxHelper::IsValidPath({"/test/\0test", 11}); + EXPECT_FALSE(result); + result = SandboxHelper::IsValidPath({"/test/test/\0", 12}); + EXPECT_FALSE(result); + result = SandboxHelper::IsValidPath({"/test\00/test", 11}); + EXPECT_FALSE(result); + result = SandboxHelper::IsValidPath({"/test/test/\00", 12}); + EXPECT_FALSE(result); + result = SandboxHelper::IsValidPath({"/test/\x0test", 11}); + EXPECT_FALSE(result); + result = SandboxHelper::IsValidPath({"/test/test/\x0", 12}); + EXPECT_FALSE(result); + + result = SandboxHelper::IsValidPath("test/0/00/\test"); + EXPECT_TRUE(result); + GTEST_LOG_(INFO) << "FileShareTest-end File_share_IsValidPath_0003"; +} + /** * @tc.name: File_share_GetBackupPhysicalPath_0001 * @tc.desc: Test function of GetBackupPhysicalPath() interface for SUCCESS.