lix-project/lix
20
55
Fork 31
Code Issues 344 Code Review (Gerrit) Projects 3 Releases Wiki Activity

Validate 'dir=' parameters

Browse source 
We reject any path element starting with a '.' (mostly to reject '.'
and '..').
This commit is contained in:
Eelco Dolstra 2019-05-01 20:23:39 +02:00
parent ab9e47284a
commit fa88f71520
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/libexpr/primops/flakeref.cc
View file

@ -34,6 +34,11 @@ const static std::string pathRegex = "/?" + segmentRegex + "(?:/" + segmentRegex
// Note: '/' is not a valid query parameter, but so what... // Note: '/' is not a valid query parameter, but so what...
const static std::string paramRegex = "[a-z]+=[/a-zA-Z0-9._-]*"; const static std::string paramRegex = "[a-z]+=[/a-zA-Z0-9._-]*";
// 'dir' path elements cannot start with a '.'. We also reject
// potentially dangerous characters like ';'.
const static std::string subDirElemRegex = "(?:[a-zA-Z0-9_-]+[a-zA-Z0-9._-]*)";
const static std::string subDirRegex = subDirElemRegex + "(?:/" + subDirElemRegex + ")*";
FlakeRef::FlakeRef(const std::string & uri, bool allowRelative) FlakeRef::FlakeRef(const std::string & uri, bool allowRelative)
{ {
// FIXME: could combine this into one regex. // FIXME: could combine this into one regex.
@ -55,6 +60,8 @@ FlakeRef::FlakeRef(const std::string & uri, bool allowRelative)
static std::regex refRegex2(refRegex, std::regex::ECMAScript); static std::regex refRegex2(refRegex, std::regex::ECMAScript);
static std::regex subDirRegex2(subDirRegex, std::regex::ECMAScript);
std::cmatch match; std::cmatch match;
if (std::regex_match(uri.c_str(), match, flakeRegex)) { if (std::regex_match(uri.c_str(), match, flakeRegex)) {
IsAlias d; IsAlias d;
@ -100,7 +107,8 @@ FlakeRef::FlakeRef(const std::string & uri, bool allowRelative)
throw Error("invalid Git ref '%s'", value); throw Error("invalid Git ref '%s'", value);
ref = value; ref = value;
} else if (name == "dir") { } else if (name == "dir") {
// FIXME: validate value; should not contain relative paths if (!std::regex_match(value, subDirRegex2))
throw Error("flake '%s' has invalid subdirectory '%s'", uri, value);
subdir = value; subdir = value;
} else } else
// FIXME: should probably pass through unknown parameters // FIXME: should probably pass through unknown parameters
@ -124,6 +132,7 @@ FlakeRef::FlakeRef(const std::string & uri, bool allowRelative)
std::string FlakeRef::to_string() const std::string FlakeRef::to_string() const
{ {
std::string string; std::string string;
if (auto refData = std::get_if<FlakeRef::IsAlias>(&data)) if (auto refData = std::get_if<FlakeRef::IsAlias>(&data))
string = refData->alias; string = refData->alias;
@ -142,9 +151,12 @@ std::string FlakeRef::to_string() const
else abort(); else abort();
// FIXME: need to use ?rev etc. for IsGit URIs.
string += (ref ? "/" + *ref : "") + string += (ref ? "/" + *ref : "") +
(rev ? "/" + rev->to_string(Base16, false) : ""); (rev ? "/" + rev->to_string(Base16, false) : "");
if (subdir != "") string += "?dir=" + subdir; if (subdir != "") string += "?dir=" + subdir;
return string; return string;
} }