rework URI path sanitization to avoid Path

vladak · vladak · commit 98b5a78dc6ae · 2025-08-29T18:55:23.000+02:00
diff --git a/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Laundromat.java b/opengrok-indexer/src/main/java/org/opengrok/indexer/web/Laundromat.java
@@ -25,7 +25,6 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -40,7 +39,7 @@
  */
 public class Laundromat {
 
-    private static final String ESC_N_R_T_F = "[\\n\\r\\t\\f]";
+    private static final String ESC_N_R_T_F = "[\\n\\r\\t\\f\\u0000]";
     private static final String ESG_N_R_T_F_1_N = ESC_N_R_T_F + "+";
 
     /**
@@ -75,21 +74,22 @@ public static String launderRevision(String value) {
 
     /**
      * Sanitize {@code value} where it will be used in subsequent OpenGrok
-     * (non-logging) processing. The value is assumed to represent a file path,
-     * not necessarily existent on the file system.
-     * @return {@code null} if null or else {@code value} with path traversal
-     * path components {@code /../} removed.
+     * (non-logging) processing. The value is assumed to represent URI path,
+     * not necessarily existent on the file system. Further, it assumes that the URI path
+     * is already decoded, e.g. {@code %2e%2e} turned into {@code ..}.
+     * @return {@code value} with path traversal path components {@code /../}
+     * and null characters replaced with {@code _}.
      */
-    public static String launderPath(@NotNull String value) {
-        Path path = Path.of(Laundromat.launderInput(value));
+    public static String launderUriPath(@NotNull String value) {
         List<String> pathElements = new ArrayList<>();
-        for (int i = 0; i < path.getNameCount(); i++) {
-            if (path.getName(i).toString().equals("..")) {
+        String uriPath = Laundromat.launderInput(value);
+        for (String pathElement : uriPath.split("/")) {
+            if (pathElement.isEmpty() || pathElement.equals("..")) {
                 continue;
             }
-            pathElements.add(path.getName(i).toString());
+            pathElements.add(pathElement);
         }
-        return (path.isAbsolute() ? "/" : "") + String.join("/", pathElements);
+        return (uriPath.startsWith("/") ? "/" : "") + String.join("/", pathElements);
     }
 
     /**
diff --git a/opengrok-indexer/src/test/java/org/opengrok/indexer/web/LaundromatTest.java b/opengrok-indexer/src/test/java/org/opengrok/indexer/web/LaundromatTest.java
@@ -70,17 +70,19 @@ void testLaunderServerName(Pair<String, String> param) {
         assertEquals(param.getLeft(), param.getRight());
     }
 
-    private static Stream<Pair<String, String>> getParamsForTestLaunderPath() {
-        return Stream.of(Pair.of("foo", Laundromat.launderPath("../../../foo")),
-                Pair.of("/foo/bar", Laundromat.launderPath("/foo/../../bar")),
-                Pair.of("/foo/bar..", Laundromat.launderPath("/foo/bar..")),
-                Pair.of("..foo/bar", Laundromat.launderPath("..foo/bar")),
-                Pair.of("/foo/bar.txt", Laundromat.launderPath("/foo/bar.txt")));
+    private static Stream<Pair<String, String>> getParamsForTestLaunderUriPath() {
+        return Stream.of(Pair.of("foo", Laundromat.launderUriPath("../../../foo")),
+                Pair.of("/foo/bar", Laundromat.launderUriPath("/foo/../../bar")),
+                Pair.of("/foo/bar..", Laundromat.launderUriPath("/foo/bar..")),
+                Pair.of("/foo/bar", Laundromat.launderUriPath("/foo//bar")),
+                Pair.of("..foo/bar", Laundromat.launderUriPath("..foo/bar")),
+                Pair.of("/foo/bar.txt", Laundromat.launderUriPath("/foo/bar.txt")),
+                Pair.of("/foo/bar_.txt", Laundromat.launderUriPath("/foo/bar\u0000.txt")));
     }
 
     @ParameterizedTest
-    @MethodSource("getParamsForTestLaunderPath")
-    void testLaunderPath(Pair<String, String> param) {
+    @MethodSource("getParamsForTestLaunderUriPath")
+    void testLaunderUriPath(Pair<String, String> param) {
         assertEquals(param.getLeft(), param.getRight());
     }
 
diff --git a/opengrok-web/src/main/java/org/opengrok/web/PageConfig.java b/opengrok-web/src/main/java/org/opengrok/web/PageConfig.java
@@ -247,7 +247,7 @@ private boolean getFileRevision(DiffData data, String context, String[] filepath
             if (p != null) {
                 int j = p.lastIndexOf("@");
                 if (j != -1) {
-                    filepath[i - 1] = Laundromat.launderPath(p.substring(0, j));
+                    filepath[i - 1] = Laundromat.launderUriPath(p.substring(0, j));
                     data.rev[i - 1] = Laundromat.launderRevision(p.substring(j + 1));
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -247,7 +247,7 @@ private boolean getFileRevision(DiffData data, String context, String[] filepath`
`247`	`247`	`if (p != null) {`
`248`	`248`	`int j = p.lastIndexOf("@");`
`249`	`249`	`if (j != -1) {`
`250`		`- filepath[i - 1] = Laundromat.launderPath(p.substring(0, j));`
	`250`	`+ filepath[i - 1] = Laundromat.launderUriPath(p.substring(0, j));`
`251`	`251`	`data.rev[i - 1] = Laundromat.launderRevision(p.substring(j + 1));`
`252`	`252`	`}`
`253`	`253`	`}`