use of org.neo4j.graphdb.security.URLAccessValidationError in project neo4j by neo4j.
the class URLAccessRules method combined.
public static URLAccessRule combined(final Map<String, URLAccessRule> urlAccessRules) {
return new URLAccessRule() {
@Override
public URL validate(Configuration config, URL url) throws URLAccessValidationError {
String protocol = url.getProtocol();
URLAccessRule protocolRule = urlAccessRules.get(protocol);
if (protocolRule == null) {
throw new URLAccessValidationError("loading resources via protocol '" + protocol + "' is not permitted");
}
return protocolRule.validate(config, url);
}
};
}
use of org.neo4j.graphdb.security.URLAccessValidationError in project neo4j by neo4j.
the class FileURLAccessRuleTest method shouldThrowWhenFileURLContainsAuthority.
@Test
public void shouldThrowWhenFileURLContainsAuthority() throws Exception {
try {
URLAccessRules.fileAccess().validate(Config.empty(), new URL("file://foo/bar/baz"));
fail("expected exception not thrown ");
} catch (URLAccessValidationError error) {
assertThat(error.getMessage(), equalTo("file URL may not contain an authority section (i.e. it should be 'file:///')"));
}
}
use of org.neo4j.graphdb.security.URLAccessValidationError in project neo4j by neo4j.
the class FileURLAccessRule method validate.
@Override
public URL validate(Configuration config, URL url) throws URLAccessValidationError {
if (!(url.getAuthority() == null || url.getAuthority().equals(""))) {
throw new URLAccessValidationError("file URL may not contain an authority section (i.e. it should be 'file:///')");
}
if (!(url.getQuery() == null || url.getQuery().equals(""))) {
throw new URLAccessValidationError("file URL may not contain a query component");
}
if (!config.get(GraphDatabaseSettings.allow_file_urls)) {
throw new URLAccessValidationError("configuration property '" + GraphDatabaseSettings.allow_file_urls.name() + "' is false");
}
if (!((Config) config).isExplicitlySet(GraphDatabaseSettings.load_csv_file_url_root)) {
return url;
}
final Path root = config.get(GraphDatabaseSettings.load_csv_file_url_root);
try {
final Path urlPath = Path.of(url.toURI());
final Path rootPath = root.normalize().toAbsolutePath();
// Normalize to prevent dirty tricks like '..'
final Path result = rootPath.resolve(urlPath.getRoot().relativize(urlPath)).normalize().toAbsolutePath();
if (result.startsWith(rootPath)) {
return result.toUri().toURL();
}
throw new URLAccessValidationError("file URL points outside configured import directory");
} catch (MalformedURLException | URISyntaxException e) {
// unreachable
throw new RuntimeException(e);
}
}
use of org.neo4j.graphdb.security.URLAccessValidationError in project neo4j by neo4j.
the class FileURLAccessRuleTest method shouldThrowWhenFileURLContainsQuery.
@Test
public void shouldThrowWhenFileURLContainsQuery() throws Exception {
try {
URLAccessRules.fileAccess().validate(Config.empty(), new URL("file:///bar/baz?q=foo"));
fail("expected exception not thrown ");
} catch (URLAccessValidationError error) {
assertThat(error.getMessage(), equalTo("file URL may not contain a query component"));
}
}
Aggregations