public static String getValidFilePath()

in aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/SecurityUtils.java [198:231]

• 30 lines of code
• 11 McCabe index (conditional complexity)

    public static String getValidFilePath(final String inputPath, boolean isWrite) {
        if (inputPath == null || "".equals(inputPath.trim())) {
            return null;
        }
        String testInputPath = inputPath;
        if (testInputPath.startsWith("file://")) {
            testInputPath = testInputPath.substring(6);
        }

        File f = new File(testInputPath);
        try {
            String canonicalPath = f.getCanonicalPath();

            if (isWrite && canonicalPath.startsWith("/var/task")) {
                throw new IllegalArgumentException("Trying to write to /var/task folder");
            }

            boolean isAllowed = false;
            for (String allowedPath : LambdaContainerHandler.getContainerConfig().getValidFilePaths()) {
                if (canonicalPath.startsWith(allowedPath)) {
                    isAllowed = true;
                    break;
                }
            }
            if (!isAllowed) {
                throw new IllegalArgumentException("File path not allowed: " + encode(canonicalPath));
            }

            return (inputPath.startsWith("file://") ? "file://" + canonicalPath : canonicalPath);
        } catch (IOException e) {
            log.error("Invalid file path: {}", encode(testInputPath));
            throw new IllegalArgumentException("Invalid file path", e);
        }
    }