Support backslashes

Author: prdoyle

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTree.java

@@ -11,6 +11,7 @@
 
 import org.elasticsearch.entitlement.runtime.policy.entitlements.FileEntitlement;
 
+import java.io.File;
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -27,11 +28,11 @@ private FileAccessTree(List<FileEntitlement> fileEntitlements) {
         List<String> readPaths = new ArrayList<>();
         List<String> writePaths = new ArrayList<>();
         for (FileEntitlement fileEntitlement : fileEntitlements) {
-            var mode = fileEntitlement.mode();
-            if (mode == FileEntitlement.Mode.READ_WRITE) {
-                writePaths.add(fileEntitlement.path());
+            String path = normalizedPath(fileEntitlement);
+            if (fileEntitlement.mode() == FileEntitlement.Mode.READ_WRITE) {
+                writePaths.add(path);
             }
-            readPaths.add(fileEntitlement.path());
+            readPaths.add(path);
         }
 
         readPaths.sort(String::compareTo);
@@ -53,8 +54,12 @@ boolean canWrite(Path path) {
         return checkPath(normalize(path), writePaths);
     }
 
+    private static String normalizedPath(FileEntitlement fileEntitlement) {
+        return normalize(new File(fileEntitlement.path()).toPath());
+    }
+
     private static String normalize(Path path) {
-        return path.toAbsolutePath().normalize().toString();
+        return path.toAbsolutePath().normalize().toString().replace('\\', '/');
     }
 
     private static boolean checkPath(String path, String[] paths) {

libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTreeTests.java

@@ -87,6 +87,17 @@ public void testNormalizePath() {
         assertThat(tree.canRead(path("")), is(false));
     }
 
+    public void testSlashesAreInterchangeable() {
+        var tree = FileAccessTree.of(List.of(entitlement("a/b", "read"), entitlement("m\\n", "read")));
+        assertThat(tree.canRead(path("a/b")), is(true));
+        assertThat(tree.canRead(path("a\\b")), is(true));
+        assertThat(tree.canRead(path("m/n")), is(true));
+        assertThat(tree.canRead(path("m\\n")), is(true));
+
+        // Backslash shouldn't be treated as an escape
+        assertThat(tree.canRead(path("m\n")), is(false));
+    }
+
     FileEntitlement entitlement(String path, String mode) {
         Path p = path(path);
         return new FileEntitlement(p.toString(), mode);