Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1063679 - Installer does not validate installation path field
Summary: Installer does not validate installation path field
Alias: None
Product: JBoss BRMS Platform 6
Classification: Retired
Component: Installer
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR2
: 6.0.1
Assignee: Miles Tjandrawidjaja
QA Contact: Tomas Livora
Depends On:
TreeView+ depends on / blocked
Reported: 2014-02-11 09:11 UTC by Tomas Livora
Modified: 2014-09-03 04:56 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-08-06 19:58:13 UTC
Type: Bug

Attachments (Terms of Use)

Description Tomas Livora 2014-02-11 09:11:10 UTC
Description of problem:
While selecting the installation target directory user is allowed to enter invalid characters and the installation process then fails.

Version-Release number of selected component (if applicable):
6.0.0 CR2

Steps to Reproduce:
1. Run the installer and proceed to the step where you have to enter the target directory.
2. Enter a path with any of these characters: \?%:"
3. Proceed to the step where EAP is started and see the errors.

Actual results:
The installation process will fail because these characters are not allowed to be in the EAP path.

Expected results:
Installation path field should be validated and user should not be allowed to proceed to the next step if it contains any invalid characters.

Additional info:
Maybe there are some other invalid characters on other platforms. This was only tested on Fedora.

Comment 1 Miles Tjandrawidjaja 2014-02-14 17:02:18 UTC
Preventing Characters such as
\0, \, @, %, <, >, :, ", |, ?, *, [, ], (, )
From the installation directory

Comment 2 Tomas Livora 2014-02-24 15:24:15 UTC
Miles, are we really going not to support brackets in the path? I know they can probably cause problems on some UNIX systems but what about MS Windows? For example, they are contained in the name of the directory where new software is usually installed - 'Program Files (x86)'.

Comment 3 Andrej Podhradsky 2014-02-27 08:31:54 UTC
Status changed to ASSIGNED because we are not able to install into path containing parentheses '(', ')'.

Comment 4 Miles Tjandrawidjaja 2014-02-27 17:37:58 UTC
Only disallow parentheses on unix systems.

Comment 5 Andrej Podhradsky 2014-03-05 14:36:54 UTC
Status changed to ASSIGNED since the installer doesn't validate if the path contains a backslash. At the moment I'm not sure if this case is supported but it doesn't work. 

For more info see BZ 1063679

Comment 6 Andrej Podhradsky 2014-03-05 14:39:01 UTC
I'm sorry for wrong BZ link in previous comment, please see BZ 1072975

Comment 7 Miles Tjandrawidjaja 2014-03-05 19:27:51 UTC

Can you please give a specification on:
1. All invalid characters on Windows systems
2. All invalid characters on Unix systems

As I am unclear of the specification.

Comment 8 Andrej Podhradsky 2014-03-10 12:40:55 UTC
Hi Miles,

I cannot find some official doc about which chars are allowed and Tomas will be available by the end of this week. IMHO brackets [] and parenthesis () should be allowed on both Unix and Windows.

Comment 9 Tomas Livora 2014-03-12 15:25:37 UTC
Miles, is there not any Java class that returns invalid path characters according to the platform you are currently on? When I was creating tests related to this BZ I helped myself with this wikipedia article - I would not consider it as a list of all possible cases in which there might occur any problems on a particular platform. But it should be taken into account and characters that do not seem to cause problems on the specific platform should definitely be allowed there.

Comment 10 Miles Tjandrawidjaja 2014-03-12 20:48:09 UTC

Yes there are some characters that are reserved and should not be used.
I agree that we should always invalidate those which are invalid by the OS.
Another concern is about what are considered valid path and file names by the product(s) that the installer installs. For example on Unix systems you may have consecutive spaces in their path, but our products do not function when placed in such a path.

For invalid characters on Windows I will go by the following link:

For invalid Unix characters I will disallow a paths that contain consecutive forward slashes, and also disallow paths that contain null character "\0". Also choose to exclude ";" and "\", and they can cause unwanted escaping.

I will also invalidate consecutive spaces from both windows and unix.

Hopefully this resolved the issue. I'll update this BZ if there are any changes to the path validation.

Comment 11 Miles Tjandrawidjaja 2014-03-17 19:43:24 UTC
Also note on unix the install condenses consecutive forward slashes to a single slash. You can see the confirmation by the dialog box.
-> /consecutive/forward/slashes

Comment 12 Tomas Livora 2014-03-25 09:04:32 UTC
The bug is not fixed as some of the characters mentioned in the first post are now allowed again. These characters cause that installation process fails during the last step.

Comment 13 Miles Tjandrawidjaja 2014-03-25 13:19:58 UTC
Updated Validation 

Characters that installer or its products can't handle
invalidCharacters = {"  ", "?", "%", ":"};

Invalid Windows Characters
invalidWindows = {"<", ">", ":", "\"", "/", "\\\\", "|", "?", "*", "\\ "};

Invalid Unix Characters
public static final String [] invalidUnix = {"\\0", "//", ";", "\\"};


Comment 14 Tomas Livora 2014-03-25 14:50:36 UTC
Miles, it looks nice. But quotation marks ( " ) should not be allowed on UNIX systems either. The installation process will fail if you use them in the installation path.

Comment 15 Miles Tjandrawidjaja 2014-03-25 15:06:31 UTC
Hello I've updated the invalidCharacters to 
public static final String [] invalidCharacters = {"  ", "?", "%", ":","\""};

See Diff

Comment 16 Tomas Livora 2014-03-25 16:09:55 UTC
Miles, do not forget to change the error message, too. Now there are mentioned some characters that are not considered as invalid anymore. I would suggest a general message instead of describing which characters are allowed on which platform. Or you can enumerate all invalid characters for the platform where it is currently running.

Comment 17 Miles Tjandrawidjaja 2014-03-26 13:05:50 UTC
I have updated the strings so that the message will list all invalid characters for the platform when entering an invalid directory.

Comment 19 Tomas Livora 2014-04-08 14:38:32 UTC
Verified on BPMS 6.0.1 CR2

Note You need to log in before you can comment on or make changes to this bug.