Skip to content

Validate file paths for FSDirectory and Replicator#1357

Merged
paulirwin merged 2 commits into
apache:masterfrom
paulirwin:bugfix/replicator-validation
Jun 16, 2026
Merged

Validate file paths for FSDirectory and Replicator#1357
paulirwin merged 2 commits into
apache:masterfrom
paulirwin:bugfix/replicator-validation

Conversation

@paulirwin

Copy link
Copy Markdown
Contributor
  • You've read the Contributor Guide and Code of Conduct.
  • You've included unit or integration tests for your change, where applicable.
  • You've included inline docs for your change, where applicable.
  • There's an open issue for the PR that you are making. If you'd like to propose a change, please open an issue to discuss the change or find an existing issue.

Validate file paths for FSDirectory and Replicator

Description

FSDirectory and Replicator do not validate that string segments are valid for file paths, which can result in some bugs and issues. This adds validation with unit tests.

@paulirwin paulirwin requested a review from NightOwl888 June 16, 2026 20:18
@paulirwin paulirwin added the notes:bug-fix Contains a fix for a bug label Jun 16, 2026
@paulirwin paulirwin merged commit 7b73146 into apache:master Jun 16, 2026
211 checks passed
paulirwin added a commit to paulirwin/lucene.net that referenced this pull request Jun 16, 2026
Rewritten from commit 7b73146 for this release branch.
paulirwin added a commit to paulirwin/lucene.net that referenced this pull request Jun 17, 2026
…integration)

Rebasing onto master pulled in apache#1357 (path validation for FSDirectory),
which added EnsureCanRead(name) to MMapDirectory.OpenInput. On master,
CreateSlicer delegated to OpenInput, so it was covered transitively. The
PR's redesigned CreateSlicer builds its own SharedMapping and no longer
routes through OpenInput, so it would have silently dropped that
validation. Call EnsureCanRead(name) directly in CreateSlicer to preserve
apache#1357's behavior.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This was referenced Jun 23, 2026
jpapiez pushed a commit to OlyForge3D/PrintFarmer that referenced this pull request Jun 30, 2026
Updated [Lucene.Net](https://github.com/apache/lucenenet) from
4.8.0-beta00017 to 4.8.0-beta00018.

<details>
<summary>Release notes</summary>

_Sourced from [Lucene.Net's
releases](https://github.com/apache/lucenenet/releases)._

## 4.8.0-beta00018

> This is a maintenance update that upgrades ICU4N to the latest
version, since several serious concurrency and resource loading bugs
have been patched since the last Lucene.NET release.

<!-- Release notes generated using configuration in .github/release.yml
at Lucene.Net_4_8_0_beta00018 -->

## What's Changed
### 🐞 Bug Fixes
* FuzzyQuery produces a wrong result when prefix is equal to the term
length by @​paulirwin in apache/lucenenet#1002
* Validate PatternParser DTDs against expected name by @​paulirwin in
apache/lucenenet#1358
* Validate file paths for FSDirectory and Replicator by @​paulirwin in
apache/lucenenet#1357
* Bumped ICU4N to 60.1.0-alpha.440 by @​NightOwl888 in
apache/lucenenet#1353
* ShingleFilter produces invalid queries by @​tohidemyname in
apache/lucenenet#946
* Fix SegmentInfos replace doesn't update userData by @​tohidemyname in
apache/lucenenet#948
### 🚀 Performance Improvements
* SWEEP: Replace J2N's TripleShift call with C# 11's unsigned right
shift operator by @​paulirwin in
apache/lucenenet#1007
### 🏆 Improvements
* Added "Improvements" Category for Release Notes by @​NightOwl888 in
apache/lucenenet#1015
### 📄 Website and API Documentation
* website/site/.htaccess - bug fix by removing BOM and update to
beta0017 redirection by @​rclabo in
apache/lucenenet#1005
* Updated .htaccess copy and release procedure by @​NightOwl888 in
apache/lucenenet#1010
* Added GitHub Automation for Release Notes by @​NightOwl888 in
apache/lucenenet#1011
* fix: Render ASF policy links in static HTML footer by @​rbowen in
apache/lucenenet#1303
* Fix/apidocs breadcrumb toc asf by @​zka26 in
apache/lucenenet#1232
* README: fix typo MacOS -> macOS by @​jbampton in
apache/lucenenet#1179
* Added ASF-required links using drop-down menu and unified navigation
by @​zka26 in apache/lucenenet#1198
* fix: Self-host all external website dependencies by @​mmafrar in
apache/lucenenet#1197
* Fix typos by @​jbampton in
apache/lucenenet#1177
* Replace lucene.testSettings.config references with
lucene.testsettings.json by @​paulirwin in
apache/lucenenet#1035

## New Contributors
* @​jbampton made their first contribution in
apache/lucenenet#1177
* @​mmafrar made their first contribution in
apache/lucenenet#1197
* @​rbowen made their first contribution in
apache/lucenenet#1303
* @​tohidemyname made their first contribution in
apache/lucenenet#946
* @​zka26 made their first contribution in
apache/lucenenet#1198

**Full Changelog**:
apache/lucenenet@Lucene.Net_4_8_0_beta00017...Lucene.Net_4_8_0_beta00018

Commits viewable in [compare
view](apache/lucenenet@Lucene.Net_4_8_0_beta00017...Lucene.Net_4_8_0_beta00018).
</details>

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Lucene.Net&package-manager=nuget&previous-version=4.8.0-beta00017&new-version=4.8.0-beta00018)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
jpapiez pushed a commit to OlyForge3D/PrintFarmer that referenced this pull request Jun 30, 2026
…596)

Updated [Lucene.Net.QueryParser](https://github.com/apache/lucenenet)
from 4.8.0-beta00017 to 4.8.0-beta00018.

<details>
<summary>Release notes</summary>

_Sourced from [Lucene.Net.QueryParser's
releases](https://github.com/apache/lucenenet/releases)._

## 4.8.0-beta00018

> This is a maintenance update that upgrades ICU4N to the latest
version, since several serious concurrency and resource loading bugs
have been patched since the last Lucene.NET release.

<!-- Release notes generated using configuration in .github/release.yml
at Lucene.Net_4_8_0_beta00018 -->

## What's Changed
### 🐞 Bug Fixes
* FuzzyQuery produces a wrong result when prefix is equal to the term
length by @​paulirwin in apache/lucenenet#1002
* Validate PatternParser DTDs against expected name by @​paulirwin in
apache/lucenenet#1358
* Validate file paths for FSDirectory and Replicator by @​paulirwin in
apache/lucenenet#1357
* Bumped ICU4N to 60.1.0-alpha.440 by @​NightOwl888 in
apache/lucenenet#1353
* ShingleFilter produces invalid queries by @​tohidemyname in
apache/lucenenet#946
* Fix SegmentInfos replace doesn't update userData by @​tohidemyname in
apache/lucenenet#948
### 🚀 Performance Improvements
* SWEEP: Replace J2N's TripleShift call with C# 11's unsigned right
shift operator by @​paulirwin in
apache/lucenenet#1007
### 🏆 Improvements
* Added "Improvements" Category for Release Notes by @​NightOwl888 in
apache/lucenenet#1015
### 📄 Website and API Documentation
* website/site/.htaccess - bug fix by removing BOM and update to
beta0017 redirection by @​rclabo in
apache/lucenenet#1005
* Updated .htaccess copy and release procedure by @​NightOwl888 in
apache/lucenenet#1010
* Added GitHub Automation for Release Notes by @​NightOwl888 in
apache/lucenenet#1011
* fix: Render ASF policy links in static HTML footer by @​rbowen in
apache/lucenenet#1303
* Fix/apidocs breadcrumb toc asf by @​zka26 in
apache/lucenenet#1232
* README: fix typo MacOS -> macOS by @​jbampton in
apache/lucenenet#1179
* Added ASF-required links using drop-down menu and unified navigation
by @​zka26 in apache/lucenenet#1198
* fix: Self-host all external website dependencies by @​mmafrar in
apache/lucenenet#1197
* Fix typos by @​jbampton in
apache/lucenenet#1177
* Replace lucene.testSettings.config references with
lucene.testsettings.json by @​paulirwin in
apache/lucenenet#1035

## New Contributors
* @​jbampton made their first contribution in
apache/lucenenet#1177
* @​mmafrar made their first contribution in
apache/lucenenet#1197
* @​rbowen made their first contribution in
apache/lucenenet#1303
* @​tohidemyname made their first contribution in
apache/lucenenet#946
* @​zka26 made their first contribution in
apache/lucenenet#1198

**Full Changelog**:
apache/lucenenet@Lucene.Net_4_8_0_beta00017...Lucene.Net_4_8_0_beta00018

Commits viewable in [compare
view](apache/lucenenet@Lucene.Net_4_8_0_beta00017...Lucene.Net_4_8_0_beta00018).
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

notes:bug-fix Contains a fix for a bug

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants