@@ -330,7 +330,7 @@ public DavResource createResource( final DavResourceLocator locator, final DavSe
330330 new File ( managedRepositoryContent .getRepoRoot (), logicalResource ).getAbsolutePath () );
331331
332332 }
333- catch ( RepositoryAdminException e )
333+ catch ( RepositoryAdminException | IOException e )
334334 {
335335 throw new DavException ( HttpServletResponse .SC_INTERNAL_SERVER_ERROR , e );
336336 }
@@ -478,10 +478,6 @@ private DavResource processRepositoryGroup( final DavServletRequest request,
478478 {
479479 managedRepositoryContent = repositoryFactory .getManagedRepositoryContent ( repositoryId );
480480 }
481- catch ( RepositoryNotFoundException e )
482- {
483- throw new DavException ( HttpServletResponse .SC_INTERNAL_SERVER_ERROR , e );
484- }
485481 catch ( RepositoryException e )
486482 {
487483 throw new DavException ( HttpServletResponse .SC_INTERNAL_SERVER_ERROR , e );
@@ -510,7 +506,7 @@ private DavResource processRepositoryGroup( final DavServletRequest request,
510506 {
511507 storedExceptions .add ( e );
512508 }
513- catch ( RepositoryAdminException e )
509+ catch ( IOException | RepositoryAdminException e )
514510 {
515511 storedExceptions .add ( new DavException ( HttpServletResponse .SC_INTERNAL_SERVER_ERROR , e ) );
516512 }
@@ -588,7 +584,7 @@ private String evaluatePathWithVersion( ArchivaDavResourceLocator archivaLocator
588584 private DavResource processRepository ( final DavServletRequest request , ArchivaDavResourceLocator archivaLocator ,
589585 String activePrincipal , ManagedRepositoryContent managedRepositoryContent ,
590586 ManagedRepository managedRepository )
591- throws DavException
587+ throws DavException , IOException
592588 {
593589 DavResource resource = null ;
594590 if ( isAuthorized ( request , managedRepositoryContent .getId () ) )
@@ -606,6 +602,10 @@ private DavResource processRepository( final DavServletRequest request, ArchivaD
606602 }
607603 LogicalResource logicalResource = new LogicalResource ( path );
608604 File resourceFile = new File ( managedRepositoryContent .getRepoRoot (), path );
605+ if (!resourceFile .getCanonicalPath ().equals (resourceFile .getAbsolutePath ()))
606+ {
607+ throw new DavException ( HttpServletResponse .SC_BAD_REQUEST );
608+ }
609609 resource =
610610 new ArchivaDavResource ( resourceFile .getAbsolutePath (), path , managedRepositoryContent .getRepository (),
611611 request .getRemoteAddr (), activePrincipal , request .getDavSession (),
@@ -1342,7 +1342,7 @@ protected File buildMergedIndexDirectory( List<String> repositories, String acti
13421342 }
13431343 }
13441344
1345- Set <String > authzRepos = new HashSet <String >();
1345+ Set <String > authzRepos = new HashSet <>();
13461346
13471347 String permission = WebdavMethodUtil .getMethodPermission ( request .getMethod () );
13481348
@@ -1393,15 +1393,7 @@ protected File buildMergedIndexDirectory( List<String> repositories, String acti
13931393 temporaryGroupIndexMap );
13941394 return mergedRepoDir ;
13951395 }
1396- catch ( RepositoryAdminException e )
1397- {
1398- throw new DavException ( HttpServletResponse .SC_INTERNAL_SERVER_ERROR , e );
1399- }
1400- catch ( IndexMergerException e )
1401- {
1402- throw new DavException ( HttpServletResponse .SC_INTERNAL_SERVER_ERROR , e );
1403- }
1404- catch ( IOException e )
1396+ catch ( RepositoryAdminException | IndexMergerException | IOException e )
14051397 {
14061398 throw new DavException ( HttpServletResponse .SC_INTERNAL_SERVER_ERROR , e );
14071399 }
0 commit comments