[jira] [Commented] (IO-559) FilenameUtils.normalize should verify hostname syntax in UNC path


ASF GitHub Bot (Jira)

    [ https://issues.apache.org/jira/browse/IO-559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16928724#comment-16928724 ]

Peter Rozovski commented on IO-559:
-----------------------------------

COMMONS-IO team, any ETA for 2.7 release?

Black Duck scan shows COMMONS-IO 2.6 as vulnerable due to this issue (IO-559).


> FilenameUtils.normalize should verify hostname syntax in UNC path
> -----------------------------------------------------------------
>
>                 Key: IO-559
>                 URL: https://issues.apache.org/jira/browse/IO-559
>             Project: Commons IO
>          Issue Type: Bug
>          Components: Utilities
>    Affects Versions: 2.6
>            Reporter: Stefan Bodewig
>            Priority: Major
>             Fix For: 2.7
>
>
> {{FilenameUtils.normalize}} will accept broken file names as UNC path even if their hostname part doesn't match the syntax of a proper hostname. Using certain hostnames like "." this may lead to strange side effects.
> Most likely the best fix will be to make {{getPrefixLength}} verify the hostname part of a suspected UNC path and return a value of {{NOT_FOUND}} if it is not a valid hostname - much like it does for triple slashes.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)
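The check the quoted report proposes, as an added example written for this page rather than taken from Commons IO: a UNC prefix-length routine that returns NOT_FOUND when the host part between the leading double separators is not a syntactically valid hostname or IPv4 address, so "\\.\share" is no longer treated as a UNC path. The RFC 1123 label rules, the IPv4-only address handling and the sample paths are assumptions; the actual 2.7 fix may differ in detail.

```java
import java.util.regex.Pattern;

/** Added illustration (not commons-io's code): UNC prefix detection that
 *  rejects hostnames such as "." instead of accepting "\\.\share" as UNC. */
public final class UncPrefixCheck {

    /** Same sentinel FilenameUtils uses for "no prefix found". */
    public static final int NOT_FOUND = -1;

    // Assumed rule set: RFC 1123 labels (alphanumerics and hyphens, no leading or
    // trailing hyphen, 1-63 chars) joined by single dots. IPv6 is deliberately omitted.
    private static final Pattern HOST = Pattern.compile(
        "(?i)^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$");

    // Dotted-quad IPv4 with each octet in 0-255.
    private static final Pattern IPV4 = Pattern.compile(
        "^(?:(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)$");

    public static boolean isValidHostName(String host) {
        return IPV4.matcher(host).matches() || HOST.matcher(host).matches();
    }

    private static boolean isSeparator(char c) { return c == '/' || c == '\\'; }

    /** Length of a UNC prefix such as "\\host\" (9 for "\\server\share"), or NOT_FOUND. */
    public static int uncPrefixLength(String filename) {
        if (filename == null || filename.length() < 3
                || !isSeparator(filename.charAt(0)) || !isSeparator(filename.charAt(1))) {
            return NOT_FOUND;
        }
        int end = 2;
        while (end < filename.length() && !isSeparator(filename.charAt(end))) end++;
        // Triple separator ("///x") or no share part after the host ("\\server"): not UNC.
        if (end == 2 || end == filename.length()) return NOT_FOUND;
        String host = filename.substring(2, end);
        return isValidHostName(host) ? end + 1 : NOT_FOUND;
    }

    public static void main(String[] args) {
        // Constructed sample paths: valid host, IPv4 host, the "." host from IO-559, "..", triple slash.
        String[] samples = { "\\\\server\\share\\a.txt", "\\\\10.0.0.5\\share",
                             "\\\\.\\share", "\\\\..\\share", "///x" };
        for (String s : samples) {
            System.out.println(s + " -> " + uncPrefixLength(s));
        }
    }
}
```

Running it prints 9 and 11 for the two genuine UNC paths and NOT_FOUND (-1) for the "." and ".." hosts and the triple slash, which is the behaviour the report asks getPrefixLength to adopt.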