mirror of https://github.com/luanti-org/luanti.git synced 2025-07-02 16:38:41 +00:00

Fix script security path normalization in presence of links (#15481)

sfan5 2024-12-03 16:51:34 +01:00 committed by GitHub
parent e9080f91f2
commit a4d1b5b155
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 112 additions and 38 deletions


@ -24,6 +24,7 @@ public:
void testRemoveLastPathComponent();
void testRemoveLastPathComponentWithTrailingDelimiter();
void testRemoveRelativePathComponent();
void testAbsolutePath();
void testSafeWriteToFile();
void testCopyFileContents();
void testNonExist();
@ -39,6 +40,7 @@ void TestFileSys::runTests(IGameDef *gamedef)
TEST(testRemoveLastPathComponent);
TEST(testRemoveLastPathComponentWithTrailingDelimiter);
TEST(testRemoveRelativePathComponent);
TEST(testAbsolutePath);
TEST(testSafeWriteToFile);
TEST(testCopyFileContents);
TEST(testNonExist);
@ -55,7 +57,7 @@ static std::string p(std::string path)
for (size_t i = 0; i < path.size(); ++i) {
if (path[i] == '/') {
path.replace(i, 1, DIR_DELIM);
i += std::string(DIR_DELIM).size() - 1; // generally a no-op
i += strlen(DIR_DELIM) - 1; // generally a no-op
}
}
@ -259,6 +261,46 @@ void TestFileSys::testRemoveRelativePathComponent()
}
void TestFileSys::testAbsolutePath()
{
const auto dir_path = getTestTempDirectory();
/* AbsolutePath */
UASSERTEQ(auto, fs::AbsolutePath(""), ""); // empty is a not valid path
const auto cwd = fs::AbsolutePath(".");
UASSERTCMP(auto, !=, cwd, "");
{
const auto dir_path2 = getTestTempFile();
UASSERTEQ(auto, fs::AbsolutePath(dir_path2), ""); // doesn't exist
fs::CreateDir(dir_path2);
UASSERTCMP(auto, !=, fs::AbsolutePath(dir_path2), ""); // now it does
UASSERTEQ(auto, fs::AbsolutePath(dir_path2 + DIR_DELIM ".."), fs::AbsolutePath(dir_path));
}
/* AbsolutePathPartial */
// equivalent to AbsolutePath if it exists
UASSERTEQ(auto, fs::AbsolutePathPartial("."), cwd);
UASSERTEQ(auto, fs::AbsolutePathPartial(dir_path), fs::AbsolutePath(dir_path));
// usual usage of the function with a partially existing path
auto expect = cwd + DIR_DELIM + p("does/not/exist");
UASSERTEQ(auto, fs::AbsolutePathPartial("does/not/exist"), expect);
UASSERTEQ(auto, fs::AbsolutePathPartial(expect), expect);
// a nonsense combination as you couldn't actually access it, but allowed by function
UASSERTEQ(auto, fs::AbsolutePathPartial("bla/blub/../.."), cwd);
UASSERTEQ(auto, fs::AbsolutePathPartial("./bla/blub/../.."), cwd);
#ifdef __unix__
// one way to produce the error case is to remove more components than there are
// but only if the path does not actually exist ("/.." does exist).
UASSERTEQ(auto, fs::AbsolutePathPartial("/.."), "/");
UASSERTEQ(auto, fs::AbsolutePathPartial("/noexist/../.."), "");
#endif
// or with an empty path
UASSERTEQ(auto, fs::AbsolutePathPartial(""), "");
}
void TestFileSys::testSafeWriteToFile()
{
const std::string dest_path = getTestTempFile();
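Review bot: testAbsolutePath() never creates a link, although the commit title names links as the case being fixed; every AbsolutePathPartial assertion uses plain directories, `.`/`..`, or nonexistent components. Since the script security check relies on the normalized path, a regression test with a symlink in the existing prefix of a partially existing path would pin the behaviour this change is for. Inside the existing `#ifdef __unix__` block it could link to `dir_path` and assert that the result is reported under `fs::AbsolutePath(dir_path)`, not under the link's own path. The other files of this commit are not visible here and may already cover this case.

```cpp
#ifdef __unix__
	// … unchanged: "/.." and "/noexist/../.." cases …
	{
		// link -> dir_path; the nonexistent tail should be appended to the resolved target
		const auto link_path = getTestTempFile();
		UASSERT(symlink(dir_path.c_str(), link_path.c_str()) == 0);
		UASSERTEQ(auto, fs::AbsolutePathPartial(link_path + DIR_DELIM "noexist"),
			fs::AbsolutePath(dir_path) + DIR_DELIM "noexist");
	}
#endif
```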