Add additional path segment to create a valid symlink

Author: mb388a

src/main/java/org/jenkinsci/plugins/workflow/libs/LibraryAdder.java

@@ -24,12 +24,17 @@
 
 package org.jenkinsci.plugins.workflow.libs;
 
+import hudson.AbortException;
+import hudson.Extension;
+import hudson.ExtensionList;
+import hudson.FilePath;
+import hudson.model.Queue;
+import hudson.model.Run;
+import hudson.model.TaskListener;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.nio.file.Files;
-import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.Collection;
@@ -38,10 +43,12 @@
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.TreeMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-
+import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import org.apache.commons.io.IOUtils;
 import org.jenkinsci.plugins.workflow.cps.CpsFlowExecution;
 import org.jenkinsci.plugins.workflow.cps.GlobalVariable;
@@ -51,16 +58,6 @@
 import org.jenkinsci.plugins.workflow.cps.replay.ReplayAction;
 import org.jenkinsci.plugins.workflow.flow.FlowCopier;
 
-import edu.umd.cs.findbugs.annotations.CheckForNull;
-import edu.umd.cs.findbugs.annotations.NonNull;
-import hudson.AbortException;
-import hudson.Extension;
-import hudson.ExtensionList;
-import hudson.FilePath;
-import hudson.model.Queue;
-import hudson.model.Run;
-import hudson.model.TaskListener;
-
 /**
  * Given {@link LibraryResolver}, actually adds to the Groovy classpath.
  */
@@ -260,15 +257,7 @@ static List<URL> retrieve(@NonNull LibraryRecord record, @NonNull LibraryRetriev
                 for (LibraryRecord library : action.getLibraries()) {
                     FilePath libResources = libs.child(library.getDirectoryName() + "/resources/");
                     FilePath f = libResources.child(name);
-                    LOGGER.info("path: " + new File(f.getRemote()).getCanonicalFile().toPath());
-                    LOGGER.info("library path: " + new File(libResources.getRemote()).getCanonicalPath());
-                    File requestedFile = new File(f.getRemote()).getCanonicalFile();
-                    Path requestedFilePath = requestedFile.toPath();
-                    if (Files.isSymbolicLink(requestedFilePath)) {
-                        requestedFilePath = Files.readSymbolicLink(requestedFilePath).toFile().getCanonicalFile().toPath();
-                    }
-                    LOGGER.info("requested file path: " +requestedFilePath);
-                    if (!requestedFilePath.startsWith(new File(libResources.getRemote()).getCanonicalPath())) {
+                    if (!new File(f.getRemote()).getCanonicalFile().toPath().startsWith(new File(libResources.getRemote()).getCanonicalPath())) {
                         throw new AbortException(name + " references a file that is not contained within the library: " + library.name);
                     } else if (f.exists()) {
                         resources.put(library.name, readResource(f, encoding));

src/test/java/org/jenkinsci/plugins/workflow/libs/ResourceStepTest.java

@@ -195,7 +195,7 @@ public class ResourceStepTest {
         Path resourcesDir = Paths.get(sampleRepo.getRoot().getPath(), "resources");
         Files.createDirectories(resourcesDir);
         Path symlinkPath = Paths.get(resourcesDir.toString(), "master.key");
-        Files.createSymbolicLink(symlinkPath, Paths.get("../../../../../../../secrets/master.key"));
+        Files.createSymbolicLink(symlinkPath, Paths.get("../../../../../../../../secrets/master.key"));
 
         sampleRepo.git("add", "src", "resources");
         sampleRepo.git("commit", "--message=init");