Skip to content

Commit d667f9c

Browse files
prdoyleprdoyle
committed
Strip trailing separators in normalizePath
1 parent b0ed006 commit d667f9c

File tree

2 files changed

+18
-1
lines changed

2 files changed

+18
-1
lines changed

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTree.java

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -89,7 +89,11 @@ static String normalizePath(Path path) {
8989
// Note that toAbsolutePath produces paths separated by the default file separator,
9090
// so on Windows, if the given path uses forward slashes, this consistently
9191
// converts it to backslashes.
92-
return path.toAbsolutePath().normalize().toString();
92+
String result = path.toAbsolutePath().normalize().toString();
93+
while (result.endsWith(FILE_SEPARATOR)) {
94+
result = result.substring(0, result.length() - FILE_SEPARATOR.length());
95+
}
96+
return result;
9397
}
9498

9599
private static boolean checkPath(String path, String[] paths) {

libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTreeTests.java

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -180,10 +180,23 @@ public void testMultipleDataDirs() {
180180
public void testNormalizePath() {
181181
var tree = accessTree(entitlement("foo/../bar", "read"));
182182
assertThat(tree.canRead(path("foo/../bar")), is(true));
183+
assertThat(tree.canRead(path("foo/../bar/")), is(true));
183184
assertThat(tree.canRead(path("foo")), is(false));
184185
assertThat(tree.canRead(path("")), is(false));
185186
}
186187

188+
public void testNormalizeTrailingSlashes() {
189+
var tree = accessTree(entitlement("/trailing/slash/", "read", "/no/trailing/slash", "read"));
190+
assertThat(tree.canRead(path("/trailing/slash")), is(true));
191+
assertThat(tree.canRead(path("/trailing/slash/")), is(true));
192+
assertThat(tree.canRead(path("/trailing/slash.xml")), is(false));
193+
assertThat(tree.canRead(path("/trailing/slash/file.xml")), is(true));
194+
assertThat(tree.canRead(path("/no/trailing/slash")), is(true));
195+
assertThat(tree.canRead(path("/no/trailing/slash/")), is(true));
196+
assertThat(tree.canRead(path("/no/trailing/slash.xml")), is(false));
197+
assertThat(tree.canRead(path("/no/trailing/slash/file.xml")), is(true));
198+
}
199+
187200
public void testForwardSlashes() {
188201
String sep = getDefaultFileSystem().getSeparator();
189202
var tree = accessTree(entitlement("a/b", "read", "m" + sep + "n", "read"));

0 commit comments

Comments
 (0)