[jboss-jira] [JBoss JIRA] (WFCORE-4474) Missing path validation of a log file while update path

James Perkins (Jira) issues at jboss.org
Mon Jun 10 12:22:00 EDT 2019 

    [ https://issues.jboss.org/browse/WFCORE-4474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13735114#comment-13735114 ] 

James Perkins edited comment on WFCORE-4474 at 6/10/19 12:21 PM:
-----------------------------------------------------------------

I don't think there is much we can really do here TBH. There is a [{{FileCorrector}}|https://github.com/wildfly/wildfly-core/blob/5a12c1bad47db0bfbf836b279d262bdf352d16c7/logging/src/main/java/org/jboss/as/logging/correctors/FileCorrector.java#L33-L44] that sets the {{relative-to}} attribute if it was previously set and the {{path}} was deemed *not* to be an absolute path. It's been like that for a long time so I don't think we can really change that behavior at this point.

For some of the failures you'd need to quote the path in the operation so CLI can parse it. For example the {{C:*server.log}} in CLI should be
{code}
/subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path="C:*server.log"})
{code}

That would result in the {{relative-to}} being set though so you'd end up with a path like : {{C:\servers\wildfly\standalone\logs\C:*server.log}}


was (Author: jamezp):
I don't think there is much we can really do here TBH. There is a [{{FileCorrect}}|https://github.com/wildfly/wildfly-core/blob/5a12c1bad47db0bfbf836b279d262bdf352d16c7/logging/src/main/java/org/jboss/as/logging/correctors/FileCorrector.java#L33-L44] that sets the {{relative-to}} attribute if it was previously set and the {{path}} was deemed *not* to be an absolute path. It's been like that for a long time so I don't think we can really change that behavior at this point.

For some of the failures you'd need to quote the path in the operation so CLI can parse it. For example the {{C:*server.log}} in CLI should be
{code}
/subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path="C:*server.log"})
{code}

That would result in the {{relative-to}} being set though so you'd end up with a path like : {{C:\servers\wildfly\standalone\logs\C:*server.log}}

> Missing path validation of a log file while update path 
> --------------------------------------------------------
>
>                 Key: WFCORE-4474
>                 URL: https://issues.jboss.org/browse/WFCORE-4474
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Logging
>    Affects Versions: 9.0.0.Beta4
>            Reporter: Vratislav Marek
>            Assignee: James Perkins
>            Priority: Major
>
> After the first successful set of a valid path, you can set an invalid path.
> It is can be relative to that while "relative-to" parameter is overridden,  the validator doesn't validate it.
> Discovered on Windows.
> A code block is divided, but it is holding sequence to reproduce.
> _This works as expected._
> {code:bash}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:/server.log})
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.nio.file.InvalidPathException: Illegal char <
> :> at index 61: D:\\Tests\\clear\\wildfly-17.0.0.Beta1-SNAPSHOT\\standalone\\log\\C:/server.log",
>     "rolled-back" => true
> }
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:\server.log})
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.nio.file.InvalidPathException: Illegal char <
> :> at index 61: D:\\Tests\\clear\\wildfly-17.0.0.Beta1-SNAPSHOT\\standalone\\log\\C:server.log",
>     "rolled-back" => true
> }
> {code}
> _Still works as expected. But After this successful write-attribute command, it that changing._
> {code:bash}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:\\server.log})
> {"outcome" => "success"}
> {code}
> *Now there is a problem, it that not works as expected. The validator accepts invalid path.*
> {code:bash}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:/server.log})
> {"outcome" => "success"}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:server.log})
> {"outcome" => "success"}
> {code}
> _But not accept all invalid paths._
> {code:bash}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:*server.log})
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0158: Operation handler failed: java.nio.file.InvalidPathException: Illegal char <
> *> at index 2: C:*server.log",
>     "rolled-back" => true
> }
> {code}
> _Verification if the unsuccessful update changes something. But not._
> {code:bash}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:/server.log})
> {"outcome" => "success"}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:server.log})
> {"outcome" => "success"}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:\\server.log})
> {"outcome" => "success"}
> {code}
> _Verification if is really set in the property value. Yes_
> {code:bash}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:read-attribute(name=file)
> {
>     "outcome" => "success",
>     "result" => {"path" => "C:\\server.log"}
> }
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:server.log})
> {"outcome" => "success"}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:read-attribute(name=file)
> {
>     "outcome" => "success",
>     "result" => {"path" => "C:server.log"}
> }
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:/server.log})
> {"outcome" => "success"}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:read-attribute(name=file)
> {
>     "outcome" => "success",
>     "result" => {"path" => "C:/server.log"}
> }
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=file,value={path=C:\server.log})
> {"outcome" => "success"}
> [standalone at localhost:9990 /] /subsystem=logging/periodic-rotating-file-handler=FILE:read-attribute(name=file)
> {
>     "outcome" => "success",
>     "result" => {"path" => "C:server.log"}
> }
> {code}



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list