guard 3rd party package installation path (#2687)

lxning · web-flow · commit ec22e9833e76 · 2023-10-09T20:28:47.000Z
* check 3rd party package installation path

* fix partial traversal

* add validation funcion
diff --git a/frontend/server/src/main/java/org/pytorch/serve/wlm/ModelManager.java b/frontend/server/src/main/java/org/pytorch/serve/wlm/ModelManager.java
@@ -20,6 +20,7 @@
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
+import org.apache.commons.io.FileUtils;
 import org.pytorch.serve.archive.DownloadArchiveException;
 import org.pytorch.serve.archive.model.Manifest;
 import org.pytorch.serve.archive.model.ModelArchive;
@@ -238,7 +239,14 @@ private void setupModelDependencies(Model model)
                             null);
 
             ProcessBuilder processBuilder = new ProcessBuilder(commandParts);
-            processBuilder.directory(model.getModelDir().getAbsoluteFile());
+            if (isValidDependencyPath(dependencyPath)) {
+                processBuilder.directory(dependencyPath);
+            } else {
+                throw new ModelException(
+                        "Invalid 3rd party package installation path "
+                                + dependencyPath.getCanonicalPath());
+            }
+
             Map<String, String> environment = processBuilder.environment();
             for (String envVar : envp) {
                 String[] parts = envVar.split("=", 2);
@@ -274,6 +282,16 @@ private void setupModelDependencies(Model model)
         }
     }
 
+    private boolean isValidDependencyPath(File dependencyPath) {
+        if (dependencyPath
+                .toPath()
+                .normalize()
+                .startsWith(FileUtils.getTempDirectory().toPath().normalize())) {
+            return true;
+        }
+        return false;
+    }
+
     private Model createModel(
             ModelArchive archive,
             int batchSize,
