allow symbolic links in the paths of tempDir (and therefore the solr …

…web resources)

make all paths normalize so they do not contain relative path information, which can break symlink security testing
added   tempDirSymLinksAllow and  tempDirSymLinksSafePaths settings
release 1.6.2

src/main/kotlin/uy/kohesive/solr/undertow/Config.kt

@@ -20,6 +20,7 @@ import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import uy.klutter.config.typesafe.*
 import uy.klutter.config.typesafe.jdk7.FileConfig
+import uy.klutter.config.typesafe.jdk7.asPathList
 import uy.klutter.config.typesafe.jdk7.asPathRelative
 import uy.klutter.core.common.initializedBy
 import uy.klutter.core.jdk.minimum
@@ -109,7 +110,7 @@ abstract class ServerConfigReplicatedToSysProps: ServerConfigLoader {
             if (configValue.exists()) {
                 if (configValue.isNotEmptyString()) {
                     val value = if (SYS_PROPERTIES_THAT_ARE_PATHS.contains(mapping.key)) {
-                        configValue.asPathRelative(workingDir).toString()
+                        configValue.asPathRelative(workingDir).normalize().toString()
                     }
                     else {
                         configValue.asString()
@@ -200,17 +201,19 @@ class ServerConfig(private val log: Logger, val loader: ServerConfigLoader) {
     }
     val zkRun = configured.value(OUR_PROP_ZKRUN).asBoolean()
     val zkHost = configured.value(OUR_PROP_ZKHOST).asString()
-    val solrHome = configured.value(OUR_PROP_SOLR_HOME).asPathRelative(loader.workingDir)
-    val solrLogs = configured.value(OUR_PROP_SOLR_LOG).asPathRelative(loader.workingDir)
-    val tempDir = configured.value(OUR_PROP_TEMP_DIR).asPathRelative(loader.workingDir)
+    val solrHome = configured.value(OUR_PROP_SOLR_HOME).asPathRelative(loader.workingDir).normalize()
+    val solrLogs = configured.value(OUR_PROP_SOLR_LOG).asPathRelative(loader.workingDir).normalize()
+    val tempDir = configured.value(OUR_PROP_TEMP_DIR).asPathRelative(loader.workingDir).normalize()
+    val tempDirSymLinksAllow = configured.value("tempDirSymLinksAllow").asBoolean(false)
+    val tempDirSymLinksSafePaths = configured.value("tempDirSymLinksSafePaths").asPathList().map(Path::normalize)
     val solrVersion = configured.value(OUR_PROP_SOLR_VERSION).asString()
 
     private val solrWarFileString = configured.value(OUR_PROP_SOLR_WAR).asStringOrNull().nullIfEmpty()
-    val solrWarFile: Path? = solrWarFileString?.let { loader.workingDir.resolve(solrWarFileString) }
+    val solrWarFile: Path? = solrWarFileString?.let { loader.workingDir.resolve(solrWarFileString).normalize() }
     val solrWarCanBeOmitted = configured.value(OUR_PROP_SOLR_WAR_ALLOW_OMIT).asBoolean(false)
 
     private val libExtDirString = configured.value(OUR_PROP_LIBEXT_DIR).asStringOrNull().nullIfEmpty()
-    val libExtDir: Path? = libExtDirString?.let { loader.workingDir.resolve(libExtDirString) }
+    val libExtDir: Path? = libExtDirString?.let { loader.workingDir.resolve(libExtDirString).normalize() }
 
     val solrContextPath = configured.value(OUR_PROP_HOST_CONTEXT).asString().let { solrContextPath ->
         if (!solrContextPath.startsWith("/")) "/" + solrContextPath else solrContextPath

src/main/kotlin/uy/kohesive/solr/undertow/SolrUndertow.kt

@@ -400,7 +400,8 @@ class Server(cfgLoader: ServerConfigLoader) {
                 .addMimeMapping(MimeMapping(".xsl", "application/xslt+xml"))
                 .addWelcomePages(welcomePages)
         solrWarDeployment.htmlDir?.let { htmlDir ->
-            deployment.setResourceManager(FileResourceManager(solrWarDeployment.htmlDir.toFile(), 1024))
+            deployment.setResourceManager(FileResourceManager(solrWarDeployment.htmlDir.toFile(), 1024L,
+                    cfg.tempDirSymLinksAllow, *cfg.tempDirSymLinksSafePaths.map(Path::toString).toTypedArray()))
         }
 
         if (solrRestConfigApiClass != null) {

src/main/resources/solr-undertow-reference.conf

@@ -41,9 +41,13 @@ solr.undertow: {
   #     accessLogFormat="common" produces  "%h %l %u %t \"%r\" %s %b"
   #     accessLogFormat="combined" produces  "%h %l %u %t \"%r\" %s %b \"%{i,Referer}\" \"%{i,User-Agent}\""
   #     acesssLogFormat=any other custom format string (see JavaDoc comments for: https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/handlers/accesslog/AccessLogHandler.java)
-  accessLogFormat =  "%t %a %p \"%r\" %q %s %b %Dms %{o,X-Solr-QTime} ${o,X-Solr-Hits}"
+  accessLogFormat: "%t %a %p \"%r\" %q %s %b %Dms %{o,X-Solr-QTime} ${o,X-Solr-Hits}"
   # Should timing be tracked for each request, adds slight overhead
-  accessLogEnableRequestTiming = true
+  accessLogEnableRequestTiming: true
   # If running embedded, the WAR file can be ommitted if the classpath contains Solr already
-  solrWarCanBeOmitted=false
+  solrWarCanBeOmitted: false
+  # If tempDir contains symbolic links they are blocked for security reasons by default because web content is served from this dir, but can be enabled
+  tempDirSymLinksAllow: false
+  # If tempDir can contain symbolic links, to what ABSOLUTE paths are they allowed to access?  (or empty for ALL)
+  tempDirSymLinksSafePaths: []
 }

src/test/kotlin/uy/kohesive/solr/undertow/TestConfigLoading.kt

@@ -427,7 +427,7 @@ class TestConfigLoading {
 
         val cfg = makeConfig(cfgHocon)
         val cfgFile = cfg.loader.workingDir
-        fun String.toCfgDir(): Path = cfgFile.resolve(this).toAbsolutePath()
+        fun String.toCfgDir(): Path = cfgFile.resolve(this).toAbsolutePath().normalize()
 
         assertEquals(testHome.toCfgDir(), cfg.solrHome)
         assertEquals(testLogs.toCfgDir(), cfg.solrLogs)