diff options
author | Janak <janak@janak.org> | 2015-05-05 17:48:49 +0000 |
---|---|---|
committer | Han-Wen Nienhuys <hanwen@google.com> | 2015-05-05 21:52:28 +0000 |
commit | f45e43a4b6d7e6b93a3b62082ac486335d3212da (patch) | |
tree | 6d2859699cffc55d7b37ea5ffc310a599b0261b3 /src/main/java/com/google/devtools | |
parent | 433d8827e07f188c81356da324401511b53f7ef6 (diff) |
Unconditionally disallow path fragments with up-level references
when resolving source artifacts.
Fixes #152.
--
Change-Id: I16e711b77374ecdf07a014935fca39acadaa2081
MOS_MIGRATED_REVID=92838655
Diffstat (limited to 'src/main/java/com/google/devtools')
-rw-r--r-- | src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java b/src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java index 72e29c9232..f9c0e75fe7 100644 --- a/src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java +++ b/src/main/java/com/google/devtools/build/lib/actions/ArtifactFactory.java @@ -228,6 +228,10 @@ public class ArtifactFactory implements ArtifactResolver, ArtifactSerializer, Ar @Override public synchronized Artifact resolveSourceArtifact(PathFragment execPath) { execPath = execPath.normalize(); + if (execPath.containsUplevelReferences()) { + // Source exec paths cannot escape the source root. + return null; + } // First try a quick map lookup to see if the artifact already exists. Artifact a = pathToSourceArtifact.get(execPath); if (a != null) { @@ -257,6 +261,11 @@ public class ArtifactFactory implements ArtifactResolver, ArtifactSerializer, Ar for (PathFragment execPath : execPaths) { PathFragment execPathNormalized = execPath.normalize(); + if (execPathNormalized.containsUplevelReferences()) { + // Source exec paths cannot escape the source root. + result.put(execPath, null); + continue; + } // First try a quick map lookup to see if the artifact already exists. Artifact a = pathToSourceArtifact.get(execPathNormalized); if (a != null) { |