From 8f3ab9a82608ffe74e6fd5d0c532822412dbc88a Mon Sep 17 00:00:00 2001
From: "k4.rahul" <rahul.k4@tataelxsi.co.in>
Date: Fri, 5 May 2023 14:18:47 +0530
Subject: [PATCH] Coverity-CWE 22: Improper Limitation of a Pathname to a
 Restricted Directory ('Path Traversal')

Coverity fix for 137960 Filesystem path, filename, or URI manipulation

Change-Id: I0691a9f231d6b7019fe413c261f50262ea7fb923
Signed-off-by: k4.rahul <rahul.k4@tataelxsi.co.in>
---
 osm_common/fsmongo.py                         |  4 +++-
 .../notes/fix_cwe22-c2677929fb74c79d.yaml     | 21 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/fix_cwe22-c2677929fb74c79d.yaml

diff --git a/osm_common/fsmongo.py b/osm_common/fsmongo.py
index 4f4e5eb..2e47039 100644
--- a/osm_common/fsmongo.py
+++ b/osm_common/fsmongo.py
@@ -235,7 +235,9 @@ class FsMongo(FsBase):
                     if e.errno != errno.ENOENT:
                         # This is probably permission denied or worse
                         raise
-                os.symlink(link, file_path)
+                os.symlink(
+                    link, os.path.realpath(os.path.normpath(os.path.abspath(file_path)))
+                )
             else:
                 folder = os.path.dirname(file_path)
                 if folder not in valid_paths:
diff --git a/releasenotes/notes/fix_cwe22-c2677929fb74c79d.yaml b/releasenotes/notes/fix_cwe22-c2677929fb74c79d.yaml
new file mode 100644
index 0000000..9eb9a90
--- /dev/null
+++ b/releasenotes/notes/fix_cwe22-c2677929fb74c79d.yaml
@@ -0,0 +1,21 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+---
+security:
+  - |
+    Coverity-CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
+    Coverity fix for 137960 Filesystem path, filename, or URI manipulation
-- 
2.25.1