Class FilesystemFilter


  • public class FilesystemFilter
    extends Object
    A filter that restricts access to the file system to specific paths given by configuration. Requests to URI schemes other than file pass the check. URIs without a specified scheme are treated as being in the file scheme.
    • Constructor Detail

      • FilesystemFilter

        public FilesystemFilter()
        The standard constructor sets no allowed locations at all.
      • FilesystemFilter

        public FilesystemFilter(String[] allowedLocations)
                         throws FilesystemFilterException
        Make a new FilesystemFilter from an array of file system paths. The paths should follow the OS-specific form, e.g. c:\\users\\ on Windows or ~/projects/xsl on *nix. Paths are converted to healthy URIs internally. Relative paths are converted to absolute paths. ~ can be used to point to the user's home directory.

        Parameters:
        allowedLocations - locations (paths) on the file system allowed for read and write access
        Throws:
        FilesystemFilterException
    • Method Detail

      • fromPropertiesOrEnvironment

        public static FilesystemFilter fromPropertiesOrEnvironment()
        This static method returns a FilesystemFilter whose allowed locations are set from a system property or an environment variable, which defines a list of paths. The name of the system property is FilesystemFilter.PROPERTY. The name of the environment variable is FilesystemFilter.ENVIRON. Paths are separated by FilesystemFilter.SEPARATOR.

        Configuration errors result in an empty set of allowed paths and are reported on stderr.

        ~ can be used to point to the user's home directory.

      • getPropOrEnv

        protected static String[] getPropOrEnv()
        Get an array of paths from a system property or environment variable.
      • notifyEmpty

        protected static void notifyEmpty()
        Notify users that no allowed paths are configured.
      • getAllowedLocations

        public String[] getAllowedLocations()
        Returns the allowed locations.
      • check

        public boolean check(URI absolute)
        Check if the given absolute URI is allowed. URIs in the file system scheme will pass the check if the file is under one of the allowed paths. All relative file URIs will fail. If there is no scheme given for the URI, then it is treated as a file URI. All other URIs will pass the check.
        Parameters:
        absolute - URI to check
        Returns:
        false if and only if the URI is a file URI pointing outside of the allowed locations
      • check

        public boolean check(String href,
                             String base)
        This checks if the given href points to an allowed file system location or is a non-file URI. A relative reference is first resolved against the URI given in the second parameter.
        Parameters:
        href - the reference to be checked
        base - the base URI to be used to resolve a relative href
        Returns:
        false if and only if the URI is a file URI pointing outside of the allowed locations
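
The rules documented for check(URI), written out as a stand-alone sketch. This is an added example, not the library's own code: the class name AllowListSketch, the sample location /srv/xsl and the sample URIs are constructed, and POSIX-style paths are assumed. The page does not say how the library compares paths; this sketch normalizes the target first and compares whole path elements.

```java
import java.net.URI;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical sketch of the documented check(URI) rules; not the library's code. */
public class AllowListSketch {
    private final List<Path> allowed = new ArrayList<>();

    public AllowListSketch(String... locations) {
        String home = System.getProperty("user.home");
        for (String loc : locations) {
            // Expand a leading ~ and make relative paths absolute, as the constructor docs describe.
            boolean tilde = loc.equals("~") || loc.startsWith("~/");
            String expanded = tilde ? home + loc.substring(1) : loc;
            allowed.add(Paths.get(expanded).toAbsolutePath().normalize());
        }
    }

    public boolean check(URI uri) {
        String scheme = uri.getScheme();
        // Schemes other than file pass; a missing scheme is treated as file.
        if (scheme != null && !scheme.equalsIgnoreCase("file")) return true;
        String path = uri.getPath();
        // Relative (or opaque, e.g. "file:foo") file URIs fail.
        if (path == null || !path.startsWith("/")) return false;
        // Normalize before comparing so ".." segments cannot step out of an allowed directory.
        Path target = Paths.get(path).toAbsolutePath().normalize();
        // Path.startsWith compares whole name elements: /srv/xsl does not match /srv/xsl-private.
        return allowed.stream().anyMatch(target::startsWith);
    }

    public static void main(String[] args) {
        AllowListSketch filter = new AllowListSketch("/srv/xsl"); // constructed sample location
        String[] samples = {                                      // constructed sample URIs
            "file:///srv/xsl/lib/common.xsl",   // under the allowed directory
            "file:///srv/xsl/../../etc/passwd", // leaves it via ".."
            "file:///srv/xsl-private/keys.xml", // shares only a string prefix
            "/srv/xsl/main.xsl",                // no scheme, absolute path
            "lib/common.xsl",                   // relative reference
            "https://example.org/style.xsl"     // non-file scheme
        };
        for (String s : samples) {
            System.out.println(filter.check(URI.create(s)) + "  " + s);
        }
    }
}
```

Path.normalize() is purely lexical and does not resolve symbolic links; where links inside an allowed directory are a concern, compare against Path.toRealPath() instead.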