lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-8873) Enforce dataDir/instanceDir/ulogDir to be paths that contain only a controlled subset of characters
Date Mon, 04 Apr 2016 22:20:25 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15225178#comment-15225178
] 

Jan Høydahl commented on SOLR-8873:
-----------------------------------

If there is no examples of how an arbitrary, legal, file path can harm Solr, I see no reason
to restrict our users.
The uploaded patch checks for validity *after* {{.toAbsolutePath().toString()}}, meaning it
demands that the *full absolute* path conforms. What if someone have installed Solr in {{C:\Program
Files (x86)\solr}}, then after an upgrade Solr won't start?
Let us not enforce restrictions until we see evidence of actual issues, with SOLR-8725 fresh
in mind..

> Enforce dataDir/instanceDir/ulogDir to be paths that contain only a controlled subset
of characters
> ---------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-8873
>                 URL: https://issues.apache.org/jira/browse/SOLR-8873
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Tomás Fernández Löbbe
>         Attachments: SOLR-8873.patch
>
>
> We currently support any valid path for dataDir/instanceDir/ulogDir. I think we should
prevent special characters and restrict to a subset that is commonly used and tested.
> My initial proposals it to allow the Java pattern: {code:java}"^[a-zA-Z0-9\\.\\ \\\\\\-_/\"':]+$"{code}
but I'm open to suggestions. I'm not sure if there can be issues with HDFS paths (this pattern
does pass the tests we currently have), or some other use case I'm not considering.
> I also think our tests should use all those characters randomly. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message