Java: add File.getName as a path injection sanitizer #18214

Merged
merged 2 commits into from
Dec 11, 2024


Contributor

@jcogs33 jcogs33 commented Dec 4, 2024

Adds java.io.File.getName as a path injection sanitizer.

Pull Request checklist

All query authors

Internal query authors only

  • Changes are validated at scale (internal access required).
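
What the sanitizer in this pull request relies on, as an added example that is not part of the pull request or of the CodeQL code base: `File.getName` returns only the last path component, so directory and traversal segments in user input are dropped before the path is built. The class name, method names and sample inputs are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class GetNameSanitizerDemo {
    // Vulnerable shape: the user-supplied string reaches the path unchanged,
    // so "../" segments or an absolute path can leave baseDir.
    static Path unsafeResolve(Path baseDir, String userInput) {
        return baseDir.resolve(userInput).normalize();
    }

    // Hardened shape: File.getName() keeps only the text after the last
    // separator, so directory components never reach resolve().
    static Path safeResolve(Path baseDir, String userInput) throws IOException {
        String name = new File(userInput).getName();
        // getName() returns "" for an empty path and passes "." and ".."
        // through unchanged, so reject those explicitly.
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IOException("rejected file name: " + userInput);
        }
        Path resolved = baseDir.resolve(name).normalize();
        // Defense in depth: confirm the result is still inside baseDir.
        if (!resolved.startsWith(baseDir)) {
            throw new IOException("path escapes base directory: " + userInput);
        }
        return resolved;
    }

    public static void main(String[] args) throws IOException {
        Path baseDir = Files.createTempDirectory("uploads").toAbsolutePath().normalize();
        // Constructed sample inputs, not taken from the pull request.
        String[] inputs = {"report.txt", "../../etc/passwd", "/etc/passwd", "sub/dir/a.txt", ".."};
        for (String in : inputs) {
            Path unsafe = unsafeResolve(baseDir, in);
            String safe;
            try {
                safe = safeResolve(baseDir, in).toString();
            } catch (IOException e) {
                safe = "REJECTED (" + e.getMessage() + ")";
            }
            System.out.printf("%-18s unsafe inside base: %-5b  sanitized: %s%n",
                    in, unsafe.startsWith(baseDir), safe);
        }
    }
}
```

The `".."` input shows the one case where `getName` alone does not confine the path: it returns `..` unchanged, which is why the hardened method rejects it before resolving.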

@github-actions github-actions bot added the Java label Dec 4, 2024
@jcogs33 jcogs33 force-pushed the jcogs33/java/file-getname-path-sanitizer branch from 1e0ef81 to 121780c Compare December 4, 2024 23:58
Contributor

@owen-mc owen-mc left a comment


Looks good to me. Just needs a change note. You could use MRVA to find instances of the sanitizer to check that it's doing the right thing, given that it probably won't have that much effect on actual results.

@jcogs33
Contributor Author

jcogs33 commented Dec 5, 2024

Thanks for the review!

> Just needs a change note. You could use MRVA to find instances of the sanitizer to check that it's doing the right thing, given that it probably won't have that much effect on actual results.

Yes, it's still in draft due to the change note and MRVA/DCA review. 🙂

@jcogs33
Contributor Author

jcogs33 commented Dec 10, 2024

MRVA/DCA alert changes look reasonable.

@jcogs33 jcogs33 marked this pull request as ready for review December 10, 2024 22:33
@jcogs33 jcogs33 requested a review from a team as a code owner December 10, 2024 22:33
@jcogs33 jcogs33 requested a review from owen-mc December 10, 2024 22:33
@jcogs33 jcogs33 merged commit 538dee8 into github:main Dec 11, 2024
16 checks passed
@jcogs33 jcogs33 deleted the jcogs33/java/file-getname-path-sanitizer branch December 11, 2024 15:18