[CAMEL-13042] camel-core - File producer should by default not allow writing files to directories outside its starting directory - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.23.0
Fix Version/s: 2.21.5, 2.22.3, 2.23.1, 2.24.0, 3.0.0
Component/s: camel-core
Labels:
None

Estimated Complexity:
Unknown

Description

For example

<from uri="file:src/test/resources/data?noop=true"/>
<setHeader headerName="CamelFileName">
    <simple>../../${file:name}</simple>
</setHeader>
<to uri="file:target/results"/>

Can write the file outside the target/results folder. We should not allow this by default to be more security friendly.

We should add a new option (maybe name it jailStartingDirectory or allowWriteOutsideStartingDirectory) or some better name

Attachments

Issue Links

is related to

CAMEL-18616 camel-file - Add option to jail starting directory

Resolved

links to

GitHub Pull Request #2700

Activity

People

Assignee:: Claus Ibsen

Reporter:: Claus Ibsen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Jan/19 12:13

Updated:: 17/Oct/22 09:24

Resolved:: 09/Jan/19 09:42

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m