Examples with URLAccessValidationError org.neo4j.graphdb.security.URLAccessValidationError used on opensource projects

Example 1 with URLAccessValidationError

use of org.neo4j.graphdb.security.URLAccessValidationError in project neo4j by neo4j.

the class URLAccessRules method combined.

public static URLAccessRule combined(final Map<String, URLAccessRule> urlAccessRules) {
    return new URLAccessRule() {

        @Override
        public URL validate(Configuration config, URL url) throws URLAccessValidationError {
            String protocol = url.getProtocol();
            URLAccessRule protocolRule = urlAccessRules.get(protocol);
            if (protocolRule == null) {
                throw new URLAccessValidationError("loading resources via protocol '" + protocol + "' is not permitted");
            }
            return protocolRule.validate(config, url);
        }
    };
}

Example 2 with URLAccessValidationError

use of org.neo4j.graphdb.security.URLAccessValidationError in project neo4j by neo4j.

the class FileURLAccessRuleTest method shouldThrowWhenFileURLContainsAuthority.

@Test
public void shouldThrowWhenFileURLContainsAuthority() throws Exception {
    try {
        URLAccessRules.fileAccess().validate(Config.empty(), new URL("file://foo/bar/baz"));
        fail("expected exception not thrown ");
    } catch (URLAccessValidationError error) {
        assertThat(error.getMessage(), equalTo("file URL may not contain an authority section (i.e. it should be 'file:///')"));
    }
}

Example 3 with URLAccessValidationError

use of org.neo4j.graphdb.security.URLAccessValidationError in project neo4j by neo4j.

the class FileURLAccessRule method validate.

@Override
public URL validate(Configuration config, URL url) throws URLAccessValidationError {
    if (!(url.getAuthority() == null || url.getAuthority().equals(""))) {
        throw new URLAccessValidationError("file URL may not contain an authority section (i.e. it should be 'file:///')");
    }
    if (!(url.getQuery() == null || url.getQuery().equals(""))) {
        throw new URLAccessValidationError("file URL may not contain a query component");
    }
    if (!config.get(GraphDatabaseSettings.allow_file_urls)) {
        throw new URLAccessValidationError("configuration property '" + GraphDatabaseSettings.allow_file_urls.name() + "' is false");
    }
    if (!((Config) config).isExplicitlySet(GraphDatabaseSettings.load_csv_file_url_root)) {
        return url;
    }
    final Path root = config.get(GraphDatabaseSettings.load_csv_file_url_root);
    try {
        final Path urlPath = Path.of(url.toURI());
        final Path rootPath = root.normalize().toAbsolutePath();
        // Normalize to prevent dirty tricks like '..'
        final Path result = rootPath.resolve(urlPath.getRoot().relativize(urlPath)).normalize().toAbsolutePath();
        if (result.startsWith(rootPath)) {
            return result.toUri().toURL();
        }
        throw new URLAccessValidationError("file URL points outside configured import directory");
    } catch (MalformedURLException | URISyntaxException e) {
        // unreachable
        throw new RuntimeException(e);
    }
}

Example 4 with URLAccessValidationError

use of org.neo4j.graphdb.security.URLAccessValidationError in project neo4j by neo4j.

the class FileURLAccessRuleTest method shouldThrowWhenFileURLContainsQuery.

@Test
public void shouldThrowWhenFileURLContainsQuery() throws Exception {
    try {
        URLAccessRules.fileAccess().validate(Config.empty(), new URL("file:///bar/baz?q=foo"));
        fail("expected exception not thrown ");
    } catch (URLAccessValidationError error) {
        assertThat(error.getMessage(), equalTo("file URL may not contain a query component"));
    }
}