forked from lix-project/lix
path fetcher: Fix relative path check
parent
be69a98d2c
commit
5cbb9c5406
2 changed files with 11 additions and 6 deletions
|
@ -85,18 +85,23 @@ struct PathInputScheme : InputScheme
|
||||||
std::string absPath;
|
std::string absPath;
|
||||||
auto path = getStrAttr(input.attrs, "path");
|
auto path = getStrAttr(input.attrs, "path");
|
||||||
|
|
||||||
if (path[0] != '/' && input.parent) {
|
if (path[0] != '/') {
|
||||||
|
if (!input.parent)
|
||||||
|
throw Error("cannot fetch input '%s' because it uses a relative path", input.to_string());
|
||||||
|
|
||||||
auto parent = canonPath(*input.parent);
|
auto parent = canonPath(*input.parent);
|
||||||
|
|
||||||
// the path isn't relative, prefix it
|
// the path isn't relative, prefix it
|
||||||
absPath = canonPath(parent + "/" + path);
|
absPath = nix::absPath(path, parent);
|
||||||
|
|
||||||
// for security, ensure that if the parent is a store path, it's inside it
|
// for security, ensure that if the parent is a store path, it's inside it
|
||||||
if (!parent.rfind(store->storeDir, 0) && absPath.rfind(store->storeDir, 0))
|
if (store->isInStore(parent) && !isInDir(absPath, parent))
|
||||||
throw BadStorePath("relative path '%s' points outside of its parent's store path %s, this is a security violation", path, parent);
|
throw BadStorePath("relative path '%s' [%s] points outside of its parent's store path '%s'", path, absPath, parent);
|
||||||
} else
|
} else
|
||||||
absPath = path;
|
absPath = path;
|
||||||
|
|
||||||
|
Activity act(*logger, lvlTalkative, actUnknown, fmt("copying '%s'", absPath));
|
||||||
|
|
||||||
// FIXME: check whether access to 'path' is allowed.
|
// FIXME: check whether access to 'path' is allowed.
|
||||||
auto storePath = store->maybeParseStorePath(absPath);
|
auto storePath = store->maybeParseStorePath(absPath);
|
||||||
|
|
||||||
|
|
|
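Review bot: The containment test `isInDir(absPath, parent)` compares path strings only, so it is only as strong as the normalisation done by `nix::absPath(path, parent)`; if that call leaves symlinks unresolved (its default, as far as I know), a symlinked component below `parent` is not covered by this check. I would state that limit next to the check, e.g. `// lexical check only: symlinks below 'parent' are not resolved here`, and decide separately whether the path should be resolved before the comparison. The retained comment `// the path isn't relative, prefix it` also reads inverted, since this branch runs when `path[0] != '/'`; `// the path is relative, resolve it against the parent` matches the code. The enclosing function starts and ends outside this hunk.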
@ -766,7 +766,7 @@ cat > $flakeFollowsA/flake.nix <<EOF
|
||||||
{
|
{
|
||||||
description = "Flake A";
|
description = "Flake A";
|
||||||
inputs = {
|
inputs = {
|
||||||
B.url = "path:./../../flakeB";
|
B.url = "path:../flakeB";
|
||||||
};
|
};
|
||||||
outputs = { ... }: {};
|
outputs = { ... }: {};
|
||||||
}
|
}
|
||||||
|
@ -774,7 +774,7 @@ EOF
|
||||||
|
|
||||||
git -C $flakeFollowsA add flake.nix
|
git -C $flakeFollowsA add flake.nix
|
||||||
|
|
||||||
nix flake lock $flakeFollowsA 2>&1 | grep 'this is a security violation'
|
nix flake lock $flakeFollowsA 2>&1 | grep 'points outside'
|
||||||
|
|
||||||
# Test flake in store does not evaluate
|
# Test flake in store does not evaluate
|
||||||
rm -rf $badFlakeDir
|
rm -rf $badFlakeDir
|
||||||
|
|
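Review bot: The new `!input.parent` error path has no test in the visible hunks; the only assertion touched is the existing escape case, now pointed at `path:../flakeB` and matched with `grep 'points outside'`. A case that locks a relative `path:` input with no parent and checks for `grep 'because it uses a relative path'` would pin that message. A second case with a relative input that stays inside its parent would guard against the stricter `isInDir` check rejecting valid flakes. The surrounding test script continues outside these hunks, so such cases may already exist elsewhere.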