From e30a7f896ad72d6e7e9d9d7adb85642f42ce79ad Mon Sep 17 00:00:00 2001 From: XingY Date: Tue, 30 Sep 2025 10:29:53 -0700 Subject: [PATCH 1/5] Check file path name --- api/src/org/labkey/api/util/FileType.java | 11 ++++++++++- api/src/org/labkey/api/util/FileUtil.java | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/api/src/org/labkey/api/util/FileType.java b/api/src/org/labkey/api/util/FileType.java index 80d274fa6f7..dbbe90b0e05 100644 --- a/api/src/org/labkey/api/util/FileType.java +++ b/api/src/org/labkey/api/util/FileType.java @@ -243,7 +243,16 @@ public FileType(List suffixes, String defaultSuffix, boolean dir, gzSupp private String tryName(Path parentDir, String name) { if (_supportGZ.booleanValue()) // TPP treats xml.gz as a native format - { // in the case of existing files, non-gz copy wins if present + { + try + { + FileUtil.legalPathPartThrow(name); + } + catch (Exception e) + { + return name; // don't try to be clever if the name is not legal + } + // in the case of existing files, non-gz copy wins if present Path f = parentDir!=null ? FileUtil.appendName(parentDir, name) : Path.of(name); if (!NetworkDrive.exists(f)) { // non-gz copy doesn't exist - how about .gz version? diff --git a/api/src/org/labkey/api/util/FileUtil.java b/api/src/org/labkey/api/util/FileUtil.java index a2ac2bc5b68..e56a9b50827 100644 --- a/api/src/org/labkey/api/util/FileUtil.java +++ b/api/src/org/labkey/api/util/FileUtil.java @@ -890,7 +890,7 @@ public static Path appendName(Path dir, String name) // narrower check than isLegalName() or isAllowedFileName() // this check that a name is a valid path part (e.g. filename) and is not path like. - private static void legalPathPartThrow(String name) + public static void legalPathPartThrow(String name) { int invalidCharacterIndex = StringUtils.indexOfAny(name, '/', File.separatorChar); if (invalidCharacterIndex >= 0) From 4166598d747df201817ff949229db0f975e960b6 Mon Sep 17 00:00:00 2001 From: XingY Date: Tue, 30 Sep 2025 12:22:58 -0700 Subject: [PATCH 2/5] Add more check --- api/src/org/labkey/api/util/FileType.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/src/org/labkey/api/util/FileType.java b/api/src/org/labkey/api/util/FileType.java index dbbe90b0e05..c927d8c76bb 100644 --- a/api/src/org/labkey/api/util/FileType.java +++ b/api/src/org/labkey/api/util/FileType.java @@ -349,7 +349,7 @@ public String getName(Path parentDir, String basename) for (String suffix : _suffixes) { String name = tryName(parentDir, basename + suffix); - Path f = parentDir.resolve(name); + Path f = FileUtil.appendName(parentDir, name); if (NetworkDrive.exists(f)) { // avoid, for example, mistaking protxml ".pep-prot.xml" for pepxml ".xml" file From 3ee08b44e368e007c193fda1bcfab3306b903603 Mon Sep 17 00:00:00 2001 From: XingY Date: Tue, 30 Sep 2025 12:29:48 -0700 Subject: [PATCH 3/5] Fail on bad filename --- api/src/org/labkey/api/util/FileType.java | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/api/src/org/labkey/api/util/FileType.java b/api/src/org/labkey/api/util/FileType.java index c927d8c76bb..623c040e064 100644 --- a/api/src/org/labkey/api/util/FileType.java +++ b/api/src/org/labkey/api/util/FileType.java @@ -244,14 +244,7 @@ private String tryName(Path parentDir, String name) { if (_supportGZ.booleanValue()) // TPP treats xml.gz as a native format { - try - { - FileUtil.legalPathPartThrow(name); - } - catch (Exception e) - { - return name; // don't try to be clever if the name is not legal - } + FileUtil.legalPathPartThrow(name); // in the case of existing files, non-gz copy wins if present Path f = parentDir!=null ? FileUtil.appendName(parentDir, name) : Path.of(name); if (!NetworkDrive.exists(f)) From a9ddb7e7f5a7d10b9622413a56648d9b3059ccf0 Mon Sep 17 00:00:00 2001 From: XingY Date: Tue, 30 Sep 2025 12:36:42 -0700 Subject: [PATCH 4/5] more fix --- api/src/org/labkey/api/util/FileType.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/src/org/labkey/api/util/FileType.java b/api/src/org/labkey/api/util/FileType.java index 623c040e064..680795aafaa 100644 --- a/api/src/org/labkey/api/util/FileType.java +++ b/api/src/org/labkey/api/util/FileType.java @@ -374,7 +374,7 @@ public File getFile(File parentDir, String basename) public Path getPath(Path parentDir, String basename) { - return parentDir.resolve(getName(parentDir, basename)); + return FileUtil.appendName(parentDir, getName(parentDir, basename)); } /** From 647b61a70706bd0d2dca8dc44d321a0eefe833b0 Mon Sep 17 00:00:00 2001 From: XingY Date: Tue, 30 Sep 2025 13:56:27 -0700 Subject: [PATCH 5/5] Choose better log file name --- api/src/org/labkey/api/pipeline/PipelineJob.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/api/src/org/labkey/api/pipeline/PipelineJob.java b/api/src/org/labkey/api/pipeline/PipelineJob.java index 055699b030f..18e595703a3 100644 --- a/api/src/org/labkey/api/pipeline/PipelineJob.java +++ b/api/src/org/labkey/api/pipeline/PipelineJob.java @@ -473,16 +473,17 @@ public Path getRemoteLogPath() /** Finds a file name that hasn't been used yet, appending ".2", ".3", etc as needed */ public static File findUniqueLogFile(File primaryFile, String baseName) { + String validBaseName = FileUtil.makeLegalName(baseName); // need to look in current and archived dirs for any unused log file names (issue 20987) - File fileLog = FT_LOG.newFile(primaryFile.getParentFile(), baseName); + File fileLog = FT_LOG.newFile(primaryFile.getParentFile(), validBaseName); File archivedDir = new File(primaryFile.getParentFile(), AssayFileWriter.ARCHIVED_DIR_NAME); - File fileLogArchived = FT_LOG.newFile(archivedDir, baseName); + File fileLogArchived = FT_LOG.newFile(archivedDir, validBaseName); int index = 1; while (NetworkDrive.exists(fileLog) || NetworkDrive.exists(fileLogArchived)) { - fileLog = FT_LOG.newFile(primaryFile.getParentFile(), baseName + "." + (index)); - fileLogArchived = FT_LOG.newFile(archivedDir, baseName + "." + (index++)); + fileLog = FT_LOG.newFile(primaryFile.getParentFile(), validBaseName + "." + (index)); + fileLogArchived = FT_LOG.newFile(archivedDir, validBaseName + "." + (index++)); } return fileLog;