f855ab7d1eb13553ec9af10797019c7d1333259b
java/com.sap.sailing.grib/src/com/sap/sailing/grib/impl/GribWindFieldFactoryImpl.java
| ... | ... | @@ -19,6 +19,7 @@ import java.util.logging.Logger; |
| 19 | 19 | |
| 20 | 20 | import com.sap.sailing.grib.GribWindField; |
| 21 | 21 | import com.sap.sailing.grib.GribWindFieldFactory; |
| 22 | +import com.sap.sse.common.Util; |
|
| 22 | 23 | import com.sap.sse.common.util.MappingIterable; |
| 23 | 24 | import com.sap.sse.util.LoggerAppender; |
| 24 | 25 | |
| ... | ... | @@ -188,6 +189,9 @@ public class GribWindFieldFactoryImpl implements GribWindFieldFactory { |
| 188 | 189 | * are no longer needed. |
| 189 | 190 | */ |
| 190 | 191 | private File copyStreamToFile(InputStream s, String filename) throws IOException { |
| 192 | + if (Util.hasLength(filename) && (filename.contains("..") || filename.contains("/") || filename.contains("\\"))) { |
|
| 193 | + throw new IllegalArgumentException("File extension must not contain '..' or a file separator like '/'."); |
|
| 194 | + } |
|
| 191 | 195 | Path tempDir = Files.createTempDirectory("gribcache"); |
| 192 | 196 | Path filePath = tempDir.resolve(filename); |
| 193 | 197 | Files.copy(s, filePath); |