authorSami Hiltunen <shiltunen@gitlab.com>2020-04-30 18:36:18 +0300
committerSami Hiltunen <shiltunen@gitlab.com>2020-04-30 19:07:50 +0300
commitf89b33baaa4b34db9444d92466921c1e4a0a66f5 (patch)
treed88c70165f0caec583463014f1791f8ea75824c0 /internal/helper/repo_test.go
parent9bfdd53b6b9beca5f88500c8dd12d031d0fb6bc9 (diff)
improved path traversal protection
Currently relative paths are validated against path traversals, although in an incomplete manner. While relative paths with traversals do not cause problems for Gitaly in itself, we need to be sure that every path accessed lies within the storage directories to ensure RPC callers can't access arbitrary paths. This commit replaces the path traversal checks by checking that the relative paths refer to paths within the root of the storage or the storage root itself.
Diffstat (limited to 'internal/helper/repo_test.go')
-rw-r--r--internal/helper/repo_test.go16
1 files changed, 8 insertions, 8 deletions
diff --git a/internal/helper/repo_test.go b/internal/helper/repo_test.go
index 4683124df..a4f7d00fa 100644
--- a/internal/helper/repo_test.go
+++ b/internal/helper/repo_test.go
@@ -104,15 +104,15 @@ func TestGetRepoPath(t *testing.T) {
err: codes.InvalidArgument,
},
{
- desc: "relative path with one level traversal at the end",
+ desc: "relative path with traversal outside storage",
storages: exampleStorages,
- repo: &gitalypb.Repository{StorageName: "default", RelativePath: testhelper.TestRelativePath + "/.."},
+ repo: &gitalypb.Repository{StorageName: "default", RelativePath: testhelper.TestRelativePath + "/../.."},
err: codes.InvalidArgument,
},
{
- desc: "relative path with one level dashed traversal at the end",
+ desc: "relative path with traversal outside storage with trailing slash",
storages: exampleStorages,
- repo: &gitalypb.Repository{StorageName: "default", RelativePath: testhelper.TestRelativePath + "/../"},
+ repo: &gitalypb.Repository{StorageName: "default", RelativePath: testhelper.TestRelativePath + "/../../"},
err: codes.InvalidArgument,
},
{
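Review bot: The rewritten cases at L28-L31 and L36-L39 drop the only coverage of a traversal that stays inside the storage (`TestRelativePath + "/.."` resolves to the storage root), and the commit message says such paths are now accepted, yet no case in this hunk pins that the new check treats them as valid rather than still rejecting them; the same gap applies to the `objects/..` cases replaced in the TestGetObjectDirectoryPath hunk. Keeping one case per table with the in-storage (or in-repository) `..` and the expected success value the table uses would document the intended boundary instead of leaving it implied by the absence of a rejection. A containment check that compares resolved paths by string prefix also needs a case where the traversal escapes the root and re-enters a sibling directory whose name shares the root's prefix (e.g. a storage path of `<STORAGE_ROOT>` with a relative path of `../<STORAGE_ROOT basename>-other/repo`), which should still yield `codes.InvalidArgument`; whether the implementation is prefix-based cannot be seen from this test-only diff, so this is a suggestion to confirm against the helper. TestGetRepoPath begins before this hunk and its table continues after it.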
@@ -205,13 +205,13 @@ func TestGetObjectDirectoryPath(t *testing.T) {
err: codes.InvalidArgument,
},
{
- desc: "with one level traversal at the end",
- repo: &gitalypb.Repository{StorageName: "default", RelativePath: testhelper.TestRelativePath, GitObjectDirectory: "objects/.."},
+ desc: "with traversal outside repository",
+ repo: &gitalypb.Repository{StorageName: "default", RelativePath: testhelper.TestRelativePath, GitObjectDirectory: "objects/../.."},
err: codes.InvalidArgument,
},
{
- desc: "with one level dashed traversal at the end",
- repo: &gitalypb.Repository{StorageName: "default", RelativePath: testhelper.TestRelativePath, GitObjectDirectory: "objects/../"},
+ desc: "with traversal outside repository with trailing separator",
+ repo: &gitalypb.Repository{StorageName: "default", RelativePath: testhelper.TestRelativePath, GitObjectDirectory: "objects/../../"},
err: codes.InvalidArgument,
},
{