Merge pull request ClickHouse#90181 from ClickHouse/backport/25.8/90079

Algunenano · web-flow · commit 5bb26dbe6a67 · 2025-11-17T20:29:31.000+01:00
Backport ClickHouse#90079 to 25.8: Allow files starting with dots in user_files
diff --git a/src/Common/filesystemHelpers.cpp b/src/Common/filesystemHelpers.cpp
@@ -219,7 +219,17 @@ String getFilesystemName([[maybe_unused]] const String & mount_point)
 bool pathStartsWith(const std::filesystem::path & path, const std::filesystem::path & prefix_path)
 {
     auto rel = fs::relative(path, prefix_path);
-    return (!rel.empty() && (rel.native() == "." || rel.native()[0] != '.'));
+    if (rel.empty() || rel == "..")
+        return false;
+
+    while (rel.has_relative_path())
+    {
+        rel = rel.parent_path();
+        if (rel == "..")
+            return false;
+    }
+
+    return true;
 }
 
 static bool fileOrSymlinkPathStartsWith(const std::filesystem::path & path, const std::filesystem::path & prefix_path)
@@ -230,7 +240,18 @@ static bool fileOrSymlinkPathStartsWith(const std::filesystem::path & path, cons
     /// not be a path of a symlink itself.
 
     auto rel = fs::absolute(path).lexically_normal().lexically_relative(fs::absolute(prefix_path).lexically_normal());
-    return (!rel.empty() && (rel.native() == "." || rel.native()[0] != '.'));
+
+    if (rel.empty() || rel == "..")
+        return false;
+
+    while (rel.has_relative_path())
+    {
+        rel = rel.parent_path();
+        if (rel == "..")
+            return false;
+    }
+
+    return true;
 }
 
 bool pathStartsWith(const String & path, const String & prefix_path)
diff --git a/tests/queries/0_stateless/03624_proper_path_starts_with.sh b/tests/queries/0_stateless/03624_proper_path_starts_with.sh
@@ -9,4 +9,20 @@ BAD_PATH_PARENT=$(echo "${USER_FILES_PATH}" | sed 's:/*$::')/../BAD
 BAD_PATH_EXTRA=$(echo "${USER_FILES_PATH}" | sed 's:/*$::')_BAD
 
 $CLICKHOUSE_CLIENT --query "CREATE TABLE t (a UInt64) ENGINE=File('CSV', '${BAD_PATH_PARENT}') -- { serverError DATABASE_ACCESS_DENIED }"
-$CLICKHOUSE_CLIENT --query "CREATE TABLE t (a UInt64) ENGINE=File('CSV', '${BAD_PATH_EXTRA}') -- { serverError DATABASE_ACCESS_DENIED }"
+$CLICKHOUSE_CLIENT --query "CREATE TABLE t (a UInt64) ENGINE=File('CSV', '${BAD_PATH_EXTRA}') -- { serverError DATABASE_ACCESS_DENIED }"
+
+# Check the behaviour with dots in the path
+# We allow paths like ./file or .file or ..file or a/../s.csv
+# But not paths that go to the parent directory like ../BAD or dir/../../BAD
+
+GOOD_PATH_WITH_DOT=$(echo "${USER_FILES_PATH}/.file_that_does_not_exist_but_is_in_a_valid_path.csv")
+GOOD_PATH_WITH_DOTS=$(echo "${USER_FILES_PATH}/..file_that_does_not_exist_but_is_in_a_valid_path.csv")
+GOOD_PATH_WITH_DOTS_BUT_INSIDE=$(echo "${USER_FILES_PATH}/..a/../s.csv")
+BAD_PATH_PARENT_AFTER_SOME_DOTS=$(echo "${USER_FILES_PATH}" | sed 's:/*$::')/.DIR/../../BAD
+
+$CLICKHOUSE_CLIENT --query "DROP TABLE IF EXISTS tdot, tdotdot, tdotdotin"
+
+$CLICKHOUSE_CLIENT --query "CREATE TABLE tdot (a UInt64) ENGINE=File('CSV', '${GOOD_PATH_WITH_DOT}')"
+$CLICKHOUSE_CLIENT --query "CREATE TABLE tdotdot (a UInt64) ENGINE=File('CSV', '${GOOD_PATH_WITH_DOTS}')"
+$CLICKHOUSE_CLIENT --query "CREATE TABLE tdotdotin (a UInt64) ENGINE=File('CSV', '${GOOD_PATH_WITH_DOTS_BUT_INSIDE}')"
+$CLICKHOUSE_CLIENT --query "CREATE TABLE t (a UInt64) ENGINE=File('CSV', '${BAD_PATH_PARENT_AFTER_SOME_DOTS}') -- { serverError DATABASE_ACCESS_DENIED }"
