Fixed PR comments

atlanhq · Jun 13, 2024 · 5d91514 · 5d91514
1 parent 4165f91
commit 5d91514
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 14 deletions.
diff --git a/repository/src/main/java/org/apache/atlas/repository/util/FilterUtil.java b/repository/src/main/java/org/apache/atlas/repository/util/FilterUtil.java
@@ -180,7 +180,6 @@ public static void addParamsToHideInternalType(SearchFilter searchFilter) {
     }
 
     public static boolean validateFilePath(String fileToImport) {
-        String allowedDirectory = "/var/app/allowed/";
 
         try {
             String decodedPath = URLDecoder.decode(fileToImport, "UTF-8");
@@ -194,10 +193,6 @@ public static boolean validateFilePath(String fileToImport) {
                 return false;
             }
 
-            if (!normalizedPath.startsWith(Paths.get(allowedDirectory))) {
-                return false;
-            }
-
             return true;
         } catch (UnsupportedEncodingException e) {
             return false;

diff --git a/repository/src/test/java/org/apache/atlas/repository/util/FilterUtilTest.java b/repository/src/test/java/org/apache/atlas/repository/util/FilterUtilTest.java
@@ -36,11 +36,6 @@ public void testValidateFilePath_NotAbsolute() {
                 validateFilePath("var/app/allowed/file.txt"));
     }
 
-    @Test
-    public void testValidateFilePath_AbsoluteButOutsideAllowed() {
-        assertFalse("Should return false for absolute paths that do not start with the allowed directory.",
-                validateFilePath("/var/app/notallowed/file.txt"));
-    }
 
     @Test
     public void testValidateFilePath_WithUnusualCharacters() {

diff --git a/webapp/src/test/java/org/apache/atlas/web/filters/MetaStoreActiveServerFilterTest.java b/webapp/src/test/java/org/apache/atlas/web/filters/MetaStoreActiveServerFilterTest.java
@@ -10,11 +10,27 @@
 public class MetaStoreActiveServerFilterTest {
 
     @Test
-    public void testSanitizeRedirectLocation_WithValidUrl() {
-        String testUrl = "http://example.com/page?param=value";
-        String expected = "http%3A%2F%2Fexample.com%2Fpage%3Fparam%3Dvalue";
+    public void testSanitizeRedirectLocation_WithValidUr1() {
+        String testUrl = "https://dom-sub-uat.atlan.com/api/meta/entity/guid/fd7a69c9-738b-4b35-a0db-1da00cbd86cd";
+        String expected = "https%3A%2F%2Fdom-sub-uat.atlan.com%2Fapi%2Fmeta%2Fentity%2Fguid%2Ffd7a69c9-738b-4b35-a0db-1da00cbd86cd";
         String actual = sanitizeRedirectLocation(testUrl);
-        assertEquals("The URLs do not match.",expected, actual);
+        assertEquals("The URLs do match.",expected, actual);
+    }
+
+    @Test
+    public void testSanitizeRedirectLocation_WithValidUrl2() {
+        String testUrl = "https://datamesh.atlan.com/api/meta/entity/bulk?replaceBusinessAttributes=true&replaceClassifications=true";
+        String expected = "https%3A%2F%2Fdatamesh.atlan.com%2Fapi%2Fmeta%2Fentity%2Fbulk%3FreplaceBusinessAttributes%3Dtrue%26replaceClassifications%3Dtrue";
+        String actual = sanitizeRedirectLocation(testUrl);
+        assertEquals("The URLs do match.",expected, actual);
+    }
+
+    @Test
+    public void testSanitizeRedirectLocation_WithValidUrl3() {
+        String testUrl = "https://datamesh.atlan.com/api/meta/entity/guid/fd7a69c9-738b-4b35-a0db-1da00cbd86cd";
+        String expected = "https%3A%2F%2Fdatamesh.atlan.com%2Fapi%2Fmeta%2Fentity%2Fguid%2Ffd7a69c9-738b-4b35-a0db-1da00cbd86cd";
+        String actual = sanitizeRedirectLocation(testUrl);
+        assertEquals("The URLs do match.",expected, actual);
     }
 
     @Test