kemitix/kxio
1
0
Fork 0
Code Issues 6 Pull requests 1 Releases 8 Activity Actions

feat(fs): properly validates paths are within base directory

Browse source
This commit is contained in:
Paul Campbell 2024-04-28 14:58:55 +01:00
parent 12d55b98e5
commit a9057a8831
3 changed files with 42 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Cargo.toml
View file

@ -31,6 +31,7 @@ thiserror = "1.0"
# fs # fs
tempfile = "3.10" tempfile = "3.10"
path-clean = "1.0"
# error handling # error handling
derive_more = { version = "1.0.0-beta.6", features = ["from", "display"] } derive_more = { version = "1.0.0-beta.6", features = ["from", "display"] }

15
src/fs/real.rs
View file

@ -57,12 +57,25 @@ impl super::FileSystemLike for RealFileSystem {
impl RealFileSystem { impl RealFileSystem {
fn validate(&self, path: &Path) -> super::Result<()> { fn validate(&self, path: &Path) -> super::Result<()> {
let path = self.clean_path(path)?;
if !path.starts_with(&self.base) { if !path.starts_with(&self.base) {
return Err(super::Error::PathTraversal { return Err(super::Error::PathTraversal {
base: self.base.clone(), base: self.base.clone(),
path: path.to_path_buf(), path,
}); });
} }
Ok(()) Ok(())
} }
fn clean_path(&self, path: &Path) -> super::Result<PathBuf> {
// let path = path.as_ref();
use path_clean::PathClean;
let abs_path = if path.is_absolute() {
path.to_path_buf()
} else {
std::env::current_dir()?.join(path)
}
.clean();
Ok(abs_path)
}
} }

41
src/tests/fs.rs
View file

@ -1,22 +1,35 @@
use std::path::PathBuf; use assert2::let_assert;
use crate::fs; use crate::fs;
type TestResult = Result<(), crate::fs::Error>; type TestResult = Result<(), fs::Error>;
#[test]
fn path_of_validate_fails_path_traversal() -> TestResult {
let fs = fs::temp()?;
let_assert!(Err(fs::Error::PathTraversal { base, path: _path }) = fs.path_of("..".into()));
assert_eq!(base, fs.base());
Ok(())
}
#[test] #[test]
fn write_read_file_exists() -> TestResult { fn write_read_file_exists() -> TestResult {
let fs = fs::temp()?; let fs = fs::temp()?;
let pathbuf: PathBuf = fs.path_of("foo".into())?; let pathbuf = fs.base().join("foo");
fs.file_write(&pathbuf, "content")?; let_assert!(Ok(_) = fs.file_write(&pathbuf, "content"));
let c = fs.file_read_to_string(&pathbuf)?; let_assert!(
Ok(c) = fs.file_read_to_string(&pathbuf),
"file_read_to_string"
);
assert_eq!(c, "content"); assert_eq!(c, "content");
let exists = fs.path_exists(&pathbuf)?; let_assert!(Ok(exists) = fs.path_exists(&pathbuf));
assert!(exists); assert!(exists);
let is_file = fs.path_is_file(&pathbuf)?; let_assert!(Ok(is_file) = fs.path_is_file(&pathbuf));
assert!(is_file); assert!(is_file);
Ok(()) Ok(())
@ -25,14 +38,14 @@ fn write_read_file_exists() -> TestResult {
#[test] #[test]
fn create_dir_should_create_a_dir() -> TestResult { fn create_dir_should_create_a_dir() -> TestResult {
let fs = fs::temp()?; let fs = fs::temp()?;
let pathbuf = fs.path_of("subdir".into())?; let pathbuf = fs.base().join("subdir");
fs.dir_create(&pathbuf)?; let_assert!(Ok(_) = fs.dir_create(&pathbuf));
let exists = fs.path_exists(&pathbuf)?; let_assert!(Ok(exists) = fs.path_exists(&pathbuf));
assert!(exists); assert!(exists);
let is_dir = fs.path_is_dir(&pathbuf)?; let_assert!(Ok(is_dir) = fs.path_is_dir(&pathbuf));
assert!(is_dir); assert!(is_dir);
Ok(()) Ok(())
@ -43,12 +56,12 @@ fn create_dir_all_should_create_a_dir() -> TestResult {
let fs = fs::temp()?; let fs = fs::temp()?;
let pathbuf = fs.base().join("subdir").join("child"); let pathbuf = fs.base().join("subdir").join("child");
fs.dir_create_all(&pathbuf)?; let_assert!(Ok(_) = fs.dir_create_all(&pathbuf));
let exists = fs.path_exists(&pathbuf)?; let_assert!(Ok(exists) = fs.path_exists(&pathbuf));
assert!(exists, "path exists"); assert!(exists, "path exists");
let is_dir = fs.path_is_dir(&pathbuf)?; let_assert!(Ok(is_dir) = fs.path_is_dir(&pathbuf));
assert!(is_dir, "path is a directory"); assert!(is_dir, "path is a directory");
Ok(()) Ok(())