mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-20 00:30:49 +00:00
Forbid paths in timezones in cctz lib
This commit is contained in:
parent
05c37365df
commit
5c42b78766
2
contrib/cctz
vendored
2
contrib/cctz
vendored
@ -1 +1 @@
|
||||
Subproject commit 5c8528fb35e89ee0b3a7157490423fba0d4dd7b5
|
||||
Subproject commit 7c78edd52b4d65acc103c2f195818ffcabe6fe0d
|
@ -1,26 +0,0 @@
|
||||
#include <DataTypes/TimezoneMixin.h>
|
||||
#include <Common/Exception.h>
|
||||
#include <filesystem>
|
||||
|
||||
namespace DB
|
||||
{
|
||||
namespace ErrorCodes
|
||||
{
|
||||
extern const int BAD_ARGUMENTS;
|
||||
}
|
||||
}
|
||||
|
||||
const String & TimezoneMixin::checkTimezoneName(const String & timezone_name)
|
||||
{
|
||||
const char * forbidden_beginnings[] = {"/", "./", "~"};
|
||||
for (const auto & pattern : forbidden_beginnings)
|
||||
{
|
||||
if (timezone_name.starts_with(pattern))
|
||||
throw DB::Exception(DB::ErrorCodes::BAD_ARGUMENTS, "Timezone name cannot start with '{}'", pattern);
|
||||
}
|
||||
|
||||
if (timezone_name.find("../") != std::string::npos)
|
||||
throw DB::Exception(DB::ErrorCodes::BAD_ARGUMENTS, "Timezone name cannot contain pattern '../'");
|
||||
|
||||
return timezone_name;
|
||||
}
|
@ -15,7 +15,7 @@ public:
|
||||
|
||||
explicit TimezoneMixin(const String & time_zone_name = "")
|
||||
: has_explicit_time_zone(!time_zone_name.empty())
|
||||
, time_zone(DateLUT::instance(checkTimezoneName(time_zone_name)))
|
||||
, time_zone(DateLUT::instance(time_zone_name))
|
||||
, utc_time_zone(DateLUT::instance("UTC"))
|
||||
{
|
||||
}
|
||||
@ -29,7 +29,4 @@ protected:
|
||||
|
||||
const DateLUTImpl & time_zone;
|
||||
const DateLUTImpl & utc_time_zone;
|
||||
|
||||
private:
|
||||
static const String & checkTimezoneName(const String & timezone_name);
|
||||
};
|
||||
|
@ -1,6 +1,6 @@
|
||||
select toDateTime(0, '/abc'); -- { serverError BAD_ARGUMENTS }
|
||||
select toDateTime(0, './abc'); -- { serverError BAD_ARGUMENTS }
|
||||
select toDateTime(0, '../abc'); -- { serverError BAD_ARGUMENTS }
|
||||
select toDateTime(0, '~/abc'); -- { serverError BAD_ARGUMENTS }
|
||||
select toDateTime(0, 'abc/../../cba'); -- { serverError BAD_ARGUMENTS }
|
||||
select toDateTime(0, '/abc'); -- { serverError POCO_EXCEPTION }
|
||||
select toDateTime(0, './abc'); -- { serverError POCO_EXCEPTION }
|
||||
select toDateTime(0, '../abc'); -- { serverError POCO_EXCEPTION }
|
||||
select toDateTime(0, '~/abc'); -- { serverError POCO_EXCEPTION }
|
||||
select toDateTime(0, 'abc/../../cba'); -- { serverError POCO_EXCEPTION }
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user