[FIX RABB-808] Fix directory traversal security issue on getLogo

ba83d1a3 · Makhtar DIAGNE · 710c9371 · ba83d1a3
Commit ba83d1a3 authored Sep 08, 2020 by Makhtar DIAGNE
--- a/ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/service/ApplicationService.java
+++ b/ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/service/ApplicationService.java
@@ -163,7 +163,7 @@ public class ApplicationService extends AbstractCrudService<ApplicationDto> {
    }
    public String getBase64File(String fileName, String basePath) {
-        final Path assetFile = Paths.get(basePath, fileName).normalize();
+        final Path assetFile = Paths.get(basePath, Paths.get(fileName).getFileName().toString());
        String base64Asset = null;
        try {
            base64Asset = DatatypeConverter.printBase64Binary(Files.readAllBytes(assetFile));