From ba83d1a3704553209d3045cd8cb819219efd6bcc Mon Sep 17 00:00:00 2001
From: Makhtar DIAGNE <makhtar.diagne@teamdlab.com>
Date: Tue, 8 Sep 2020 14:36:36 +0200
Subject: [PATCH] [FIX RABB-808] Fix directory traversal security issue on
 getLogo

---
 .../fr/gouv/vitamui/ui/commons/service/ApplicationService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/service/ApplicationService.java b/ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/service/ApplicationService.java
index d1529599..d3a4060c 100644
--- a/ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/service/ApplicationService.java
+++ b/ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/service/ApplicationService.java
@@ -163,7 +163,7 @@ public class ApplicationService extends AbstractCrudService<ApplicationDto> {
     }
 
     public String getBase64File(String fileName, String basePath) {
-        final Path assetFile = Paths.get(basePath, fileName).normalize();
+        final Path assetFile = Paths.get(basePath, Paths.get(fileName).getFileName().toString());
         String base64Asset = null;
         try {
             base64Asset = DatatypeConverter.printBase64Binary(Files.readAllBytes(assetFile));
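Review bot: On the added line, `Paths.get(fileName).getFileName()` returns null when `fileName` has no name element (a bare root such as `/`), so `.toString()` throws a NullPointerException; because the line sits before the `try`, that exception and the `InvalidPathException` that `Paths.get` raises on malformed input both escape the method unhandled. Taking only the last path element does strip directory components, but a `fileName` of `..` is itself a valid last element and the earlier `.normalize()` is gone, so nothing in the hunk asserts that the result stays under `basePath`. I would null-check the result of `getFileName()` and keep an explicit containment test, for example `final Path base = Paths.get(basePath).normalize();` followed by `if (!assetFile.normalize().startsWith(base))` with a rejection branch. The body of `getBase64File` continues outside the hunk, so how failures are reported to the caller is not visible here; the rejection should follow whatever the existing catch block does.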
-- 
GitLab