diff --git a/dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs b/dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs index 705bed12c..2f5e13345 100644 --- a/dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs +++ b/dotnet/src/dotnetcore/GxClasses.Web/Middleware/GXRouting.cs @@ -41,8 +41,9 @@ internal class GXRouting : IGXRouting public static bool AzureRuntime; public AzureDeployFeature AzureDeploy = new AzureDeployFeature(); public static string AzureFunctionName; + const int REGEX_DEFAULT_MATCH_TIMEOUT_SECONDS= 10; - static Regex SDSVC_PATTERN = new Regex("([^/]+/)*(sdsvc_[^/]+/[^/]+)(\\?.*)*"); + static Regex SDSVC_PATTERN = new Regex("([^/]+/)*(sdsvc_[^/]+/[^/]+)(\\?.*)*", RegexOptions.None, TimeSpan.FromSeconds(REGEX_DEFAULT_MATCH_TIMEOUT_SECONDS)); internal const string PRIVATE_DIR = "private"; public Dictionary servicesPathUrl = new Dictionary(); diff --git a/dotnet/src/dotnetframework/GxClasses/Data/GXDataCommon.cs b/dotnet/src/dotnetframework/GxClasses/Data/GXDataCommon.cs index 4d7a4ae25..12db94f8a 100644 --- a/dotnet/src/dotnetframework/GxClasses/Data/GXDataCommon.cs +++ b/dotnet/src/dotnetframework/GxClasses/Data/GXDataCommon.cs @@ -947,7 +947,7 @@ protected static byte[] GetBinary(string fileNameParm, bool dbBlob) } else { - GXLogging.Error(log, "Not a valid URI: ", fileName); + GXLogging.WarnSanitized(log, "Not a valid URI: ", fileName); throw new GxADODataException("GxCommand. Not a valid uri: " + fileName); } return binary; diff --git a/dotnet/src/dotnetframework/GxClasses/Helpers/GXMetadata.cs b/dotnet/src/dotnetframework/GxClasses/Helpers/GXMetadata.cs index 273c52eb1..d1d329418 100644 --- a/dotnet/src/dotnetframework/GxClasses/Helpers/GXMetadata.cs +++ b/dotnet/src/dotnetframework/GxClasses/Helpers/GXMetadata.cs @@ -226,19 +226,9 @@ static public object FindInstance(string defaultAssemblyName, string clss, Objec static public object FindInstance(string defaultAssemblyName, string nspace, string clss, Object[] constructorArgs, Assembly defaultAssembly, bool ignoreCase=false) { Type objType = FindType( defaultAssemblyName, nspace, clss, defaultAssembly, ignoreCase); - GXLogging.Debug(log, "CreateInstance, Args ", ConstructorArgsString(constructorArgs)); + GXLogging.Debug(log, "CreateInstance class:", clss); return Activator.CreateInstance(objType, constructorArgs); } - internal static string ConstructorArgsString(Object[] constructorArgs) - { - string argsConstr = ""; - for (int i = 0; constructorArgs != null && i < constructorArgs.Length; i++) - { - argsConstr += "'" + constructorArgs[i] + "' "; - } - return argsConstr; - } - static public void ExecuteVoidRef(object o, string mthd, Object[] args) { try diff --git a/dotnet/src/dotnetframework/GxCompress/GXCompressor.cs b/dotnet/src/dotnetframework/GxCompress/GXCompressor.cs index b27560325..557323310 100644 --- a/dotnet/src/dotnetframework/GxCompress/GXCompressor.cs +++ b/dotnet/src/dotnetframework/GxCompress/GXCompressor.cs @@ -603,6 +603,14 @@ private static void DecompressZip(FileInfo file, string outputPath) foreach (var entry in archive.Entries) { string fullPath = Path.Combine(outputPath, entry.FullName); + string destFileName = Path.GetFullPath(fullPath); + string fullDestDirPath = Path.GetFullPath(outputPath + Path.DirectorySeparatorChar); + if (!destFileName.StartsWith(fullDestDirPath)) + { + throw new InvalidOperationException("Entry is outside the target dir: " + destFileName); + } + + if (string.IsNullOrEmpty(entry.Name)) { Directory.CreateDirectory(fullPath); @@ -742,6 +750,14 @@ private static void DecompressJar(FileInfo file, string outputPath) foreach (var entry in archive.Entries) { string destinationPath = Path.Combine(outputPath, entry.FullName); + string destFileName = Path.GetFullPath(destinationPath); + string fullDestDirPath = Path.GetFullPath(outputPath + Path.DirectorySeparatorChar); + if (!destFileName.StartsWith(fullDestDirPath)) + { + throw new InvalidOperationException("Entry is outside the target dir: " + destFileName); + } + + if (string.IsNullOrEmpty(entry.Name)) { Directory.CreateDirectory(destinationPath);