more validation for containerName and blobKey to avoid access escape

apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java

@@ -20,6 +20,9 @@
 
 import com.google.inject.Singleton;
 
+import java.io.File;
+import java.util.Arrays;
+
 /**
  * Validates name for filesystem container blob keys implementation
  *
@@ -38,6 +41,8 @@ public void validate(String name) throws IllegalArgumentException {
         //blobkey cannot start with / (or \ in Windows) character
         if (name.startsWith("\\") || name.startsWith("/"))
             throw new IllegalArgumentException("Blob key '" + name + "' cannot start with \\ or /");
+        if (Arrays.asList(name.split(File.separator.equals("\\") ? "\\\\" : File.separator)).contains(".."))
+            throw new IllegalArgumentException("Blob key '" + name + "' cannot contain ../");
     }
 
 }

apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java

@@ -38,6 +38,8 @@ public void validate(String name) throws IllegalArgumentException {
         //container name cannot contains / (or \ in Windows) character
         if (name.contains("\\") || name.contains("/"))
             throw new IllegalArgumentException("Container name '" + name + "' cannot contain \\ or /");
+        if (name.equals(".") || name.equals(".."))
+            throw new IllegalArgumentException("Container name cannot be . or ..");
     }
 
 }

apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java

@@ -187,6 +187,7 @@ public boolean createContainerInLocation(String container, Location location, Cr
 
    @Override
    public ContainerAccess getContainerAccess(String container) {
+      filesystemContainerNameValidator.validate(container);
       File file = new File(buildPathStartingFromBaseDir(container));
       if (!file.exists()) {
          throw new ContainerNotFoundException(container, "in getContainerAccess");
@@ -217,6 +218,7 @@ public ContainerAccess getContainerAccess(String container) {
 
    @Override
    public void setContainerAccess(String container, ContainerAccess access) {
+      filesystemContainerNameValidator.validate(container);
       Path path = new File(buildPathStartingFromBaseDir(container)).toPath();
 
       if ( isWindows() ) {
@@ -310,6 +312,7 @@ else if (object.isDirectory() && (optsPrefix.endsWith(File.separator) || isNullO
 
    @Override
    public StorageMetadata getContainerMetadata(String container) {
+      filesystemContainerNameValidator.validate(container);
       MutableStorageMetadata metadata = new MutableStorageMetadataImpl();
       metadata.setName(container);
       metadata.setType(StorageType.CONTAINER);
@@ -378,6 +381,8 @@ public String apply(String string) {
 
    @Override
    public Blob getBlob(final String container, final String key) {
+      filesystemContainerNameValidator.validate(container);
+      filesystemBlobKeyValidator.validate(key);
       BlobBuilder builder = blobBuilders.get();
       builder.name(key);
       File file = getFileForBlobKey(container, key);
@@ -658,6 +663,8 @@ public void removeBlob(final String container, final String blobKey) {
 
    @Override
    public BlobAccess getBlobAccess(String containerName, String blobName) {
+      filesystemContainerNameValidator.validate(containerName);
+      filesystemBlobKeyValidator.validate(blobName);
       if (!new File(buildPathStartingFromBaseDir(containerName)).exists()) {
          throw new ContainerNotFoundException(containerName, "in getBlobAccess");
       }
@@ -691,6 +698,8 @@ public BlobAccess getBlobAccess(String containerName, String blobName) {
 
    @Override
    public void setBlobAccess(String container, String name, BlobAccess access) {
+      filesystemContainerNameValidator.validate(container);
+      filesystemBlobKeyValidator.validate(name);
       Path path = new File(buildPathStartingFromBaseDir(container, name)).toPath();
       if ( isWindows() ) {
          try {

apis/filesystem/src/test/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorTest.java

@@ -36,6 +36,7 @@ public void testNamesValidity() {
 
         validator.validate("all.img");
         validator.validate("all" + File.separator + "is" + File.separator + "" + "ok");
+        validator.validate("all" + File.separator + "is" + File.separator + ".." + "ok");
     }
 
     @Test
@@ -51,6 +52,11 @@ public void testInvalidNames() {
             validator.validate(File.separator + "is" + File.separator + "" + "ok");
             fail("Blob key value incorrect, but was not recognized");
         } catch (IllegalArgumentException e) {}
+
+        try {
+            validator.validate("all" + File.separator + ".." + File.separator + "ok");
+            fail("Blob key value incorrect, but was not recognized");
+        } catch (IllegalArgumentException e) {}
     }
 
 

apis/filesystem/src/test/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorTest.java

@@ -60,6 +60,16 @@ public void testInvalidNames() {
             validator.validate("all" + File.separator + "is" + File.separator);
             fail("Container name value incorrect, but was not recognized");
         } catch (IllegalArgumentException e) {}
+
+        try {
+            validator.validate(".");
+            fail("Container name value incorrect, but was not recognized");
+        } catch (IllegalArgumentException e) {}
+
+        try {
+            validator.validate("..");
+            fail("Container name value incorrect, but was not recognized");
+        } catch (IllegalArgumentException e) {}
     }