Commit f95c81bf authored by Iustin Pop's avatar Iustin Pop
Browse files

Security issue: add validation of script names



This patch unifies the search for external script to always go through
utils.FindFile and implements in that function a restriction on valid
chars in file names and (additionally) that the passed name is the
basename of the final (absolute) name.
Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
parent 4fe80ef2
......@@ -1658,10 +1658,11 @@ def OSFromDisk(name, base_dir=None):
"""
if base_dir is None:
os_dir = utils.FindFile(name, constants.OS_SEARCH_PATH, os.path.isdir)
if os_dir is None:
raise errors.InvalidOS(name, None, "OS dir not found in search path")
else:
os_dir = os.path.sep.join([base_dir, name])
os_dir = utils.FindFile(name, [base_dir], os.path.isdir)
if os_dir is None:
raise errors.InvalidOS(name, None, "OS dir not found in search path")
api_versions = _OSOndiskVersion(name, os_dir)
......
......@@ -1633,9 +1633,17 @@ def FindFile(name, search_path, test=os.path.exists):
@return: full path to the object if found, None otherwise
"""
# validate the filename mask
if constants.EXT_PLUGIN_MASK.match(name) is None:
logging.critical("Invalid value passed for external script name: '%s'",
name)
return None
for dir_name in search_path:
item_name = os.path.sep.join([dir_name, name])
if test(item_name):
# check the user test and that we're indeed resolving to the given
# basename
if test(item_name) and os.path.basename(item_name) == name:
return item_name
return None
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment