Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-13042

camel-core - File producer should by default not allow writing files to directories outside its starting directory

    XMLWordPrintableJSON

    Details

    • Estimated Complexity:
      Unknown

      Description

      For example

      <from uri="file:src/test/resources/data?noop=true"/>
      <setHeader headerName="CamelFileName">
          <simple>../../${file:name}</simple>
      </setHeader>
      <to uri="file:target/results"/>
      

      Can write the file outside the target/results folder. We should not allow this by default to be more security friendly.

      We should add a new option (maybe name it jailStartingDirectory or allowWriteOutsideStartingDirectory) or some better name

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                davsclaus Claus Ibsen
                Reporter:
                davsclaus Claus Ibsen
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m