cyphar / filepath-securejoin Goto Github PK
View Code? Open in Web Editor NEWProposed filepath.SecureJoin implementation
License: BSD 3-Clause "New" or "Revised" License
Proposed filepath.SecureJoin implementation
License: BSD 3-Clause "New" or "Revised" License
This might be more of a question than an issue, but I'll log it anyway and see what the expectation is.
In https://github.com/cyphar/filepath-securejoin/blob/master/join.go#L61, if the values passed in to SecureJoinVFS are:
(/root/testdir
, ../upperfile.txt
, nil
) and on the machine the file /root/upperfile.txt
exists, but the file /root/testdir/upperfile.txt
does not, SecureJoinVFS() is not returning an error as I would expect.
Instead, it's cleaning up the ..
and returning (/root/testdir/upperfile.txt
, nil
)
If by chance I had a /root/testdir/upperfile.txt
I still would not expect to get a pointer to it instead of /root/upperfile.txt
.
I think the correct behavior would be to return an error in this circumstance. Thoughts?
FWIW, this came up due to an investigation into a Podman issue logged here: containers/podman#5035
The error message that is triggered by too many symlink dereferences contains a non-existent path instead of the path to the symlink that causes the loop.
The path is set here:
Line 58 in b69b737
On Fedora CoreOS perform the following steps
mkdir ~/test
cd ~/test
FROM docker.io/library/fedora:38
RUN dnf install -y golang
podman build -t go .
package main
import (
"os"
"errors"
"fmt"
securejoin "github.com/cyphar/filepath-securejoin"
)
func main() {
path := "/root/sub"
os.MkdirAll(path, 0755)
target := "symlink"
symlink := "/root/sub/symlink"
os.Symlink(target, symlink)
_, err := securejoin.SecureJoin("/root","sub/symlink")
if (err != nil) {
var pErr *os.PathError
if errors.As(err, &pErr) {
fmt.Printf("Error = %v\n", pErr.Err)
fmt.Printf("Path = %v\n", pErr.Path)
}
}
}
podman run --rm -v ./:/src:Z -w /src localhost/go go mod init reproducer
podman run --rm -v ./:/src:Z -w /src localhost/go go mod tidy
podman run --rm -v ./:/src:Z -w /src localhost/go go run .
go: downloading github.com/cyphar/filepath-securejoin v0.2.4
Error = too many levels of symbolic links
Path = /root/symlink/
At step 8 I see
Path = /root/symlink/
At step 8 I would have expected to see
Path = /root/sub/symlink
as /root/sub/symlink is the path to the symlink that points to itself. The path /root/symlink/ does not exist.
I'm not blocked by this issue in any way. Probably this issue is of low importance.
Now the Go has their own "generic" interfaces for filesystem roots, maybe it would make sense to migrate to using that rather than our own home-brew thing. Note that we want to be given the equivalent of fs.DirFS("/")
not fs.DirFS(root)
-- we are implementing our own resolution logic, and the unsafe path.Join
logic in io/fs
is not going to work.
Thanks for this package!
As you noted in the README, using SecureJoin()
before os.OpenFile()
is not always enough if the path components are modified between the 2 functions.
Do you know of Go projects doing this safely?
Can we have a tagged release? Mostly interested in having #7 included into a released version.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.