|
24 | 24 |
|
25 | 25 | package org.jenkinsci.plugins.workflow.libs; |
26 | 26 |
|
27 | | -import hudson.AbortException; |
28 | | -import hudson.Extension; |
29 | | -import hudson.ExtensionList; |
30 | | -import hudson.FilePath; |
31 | | -import hudson.model.Queue; |
32 | | -import hudson.model.Run; |
33 | | -import hudson.model.TaskListener; |
34 | 27 | import java.io.File; |
35 | 28 | import java.io.IOException; |
36 | 29 | import java.io.InputStream; |
37 | 30 | import java.net.URL; |
| 31 | +import java.nio.file.Files; |
| 32 | +import java.nio.file.Path; |
38 | 33 | import java.util.ArrayList; |
39 | 34 | import java.util.Base64; |
40 | 35 | import java.util.Collection; |
|
43 | 38 | import java.util.LinkedHashMap; |
44 | 39 | import java.util.List; |
45 | 40 | import java.util.Map; |
46 | | -import java.util.Set; |
47 | 41 | import java.util.TreeMap; |
48 | 42 | import java.util.logging.Level; |
49 | 43 | import java.util.logging.Logger; |
50 | | -import edu.umd.cs.findbugs.annotations.CheckForNull; |
51 | | -import edu.umd.cs.findbugs.annotations.NonNull; |
| 44 | + |
52 | 45 | import org.apache.commons.io.IOUtils; |
53 | 46 | import org.jenkinsci.plugins.workflow.cps.CpsFlowExecution; |
54 | 47 | import org.jenkinsci.plugins.workflow.cps.GlobalVariable; |
|
58 | 51 | import org.jenkinsci.plugins.workflow.cps.replay.ReplayAction; |
59 | 52 | import org.jenkinsci.plugins.workflow.flow.FlowCopier; |
60 | 53 |
|
| 54 | +import edu.umd.cs.findbugs.annotations.CheckForNull; |
| 55 | +import edu.umd.cs.findbugs.annotations.NonNull; |
| 56 | +import hudson.AbortException; |
| 57 | +import hudson.Extension; |
| 58 | +import hudson.ExtensionList; |
| 59 | +import hudson.FilePath; |
| 60 | +import hudson.model.Queue; |
| 61 | +import hudson.model.Run; |
| 62 | +import hudson.model.TaskListener; |
| 63 | + |
61 | 64 | /** |
62 | 65 | * Given {@link LibraryResolver}, actually adds to the Groovy classpath. |
63 | 66 | */ |
@@ -257,7 +260,15 @@ static List<URL> retrieve(@NonNull LibraryRecord record, @NonNull LibraryRetriev |
257 | 260 | for (LibraryRecord library : action.getLibraries()) { |
258 | 261 | FilePath libResources = libs.child(library.getDirectoryName() + "/resources/"); |
259 | 262 | FilePath f = libResources.child(name); |
260 | | - if (!new File(f.getRemote()).getCanonicalFile().toPath().startsWith(new File(libResources.getRemote()).getCanonicalPath())) { |
| 263 | + LOGGER.info("path: " + new File(f.getRemote()).getCanonicalFile().toPath()); |
| 264 | + LOGGER.info("library path: " + new File(libResources.getRemote()).getCanonicalPath()); |
| 265 | + File requestedFile = new File(f.getRemote()).getCanonicalFile(); |
| 266 | + Path requestedFilePath = requestedFile.toPath(); |
| 267 | + if (Files.isSymbolicLink(requestedFilePath)) { |
| 268 | + requestedFilePath = Files.readSymbolicLink(requestedFilePath).toFile().getCanonicalFile().toPath(); |
| 269 | + } |
| 270 | + LOGGER.info("requested file path: " +requestedFilePath); |
| 271 | + if (!requestedFilePath.startsWith(new File(libResources.getRemote()).getCanonicalPath())) { |
261 | 272 | throw new AbortException(name + " references a file that is not contained within the library: " + library.name); |
262 | 273 | } else if (f.exists()) { |
263 | 274 | resources.put(library.name, readResource(f, encoding)); |
|
0 commit comments