Snappy

Merge lp:~mterry/snappy/allow-more-dots-15.04 into lp:~snappy-dev/snappy/15.04-deprecated

  1. allow-more-dots-15.04
  2. Merge into 15.04-deprecated
Proposed by Michael Terry
Status: Merged
Approved by: John Lenton
Approved revision: 447
Merged at revision: 449
Proposed branch: lp:~mterry/snappy/allow-more-dots-15.04
Merge into: lp:~snappy-dev/snappy/15.04-deprecated
Diff against target: 41 lines (+14/-1)
2 files modified
clickdeb/deb.go (+3/-1)
clickdeb/deb_test.go (+11/-0)
To merge this branch: bzr merge lp:~mterry/snappy/allow-more-dots-15.04
Reviewer Review Type Date Requested Status
John Lenton (community) Approve
Review via email: mp+260996@code.launchpad.net

Commit message

Allow ".." in file paths as long as it isn't an entire element. (i.e. allow "hello..you" or "...")

We call filepath.Clean right before our ".." check. So the only instances of ".." will be in the first element. That lets us simplify the check a lot.

This is a backport of r457 from trunk.

Description of the change

Allow ".." in file paths as long as it isn't an entire element. (i.e. allow "hello..you" or "...")

We call filepath.Clean right before our ".." check. So the only instances of ".." will be in the first element. That lets us simplify the check a lot.

This is a backport of r457 from trunk.

To post a comment you must log in.
Revision history for this message
Sergio Schvezov (sergiusens) wrote :

Do you mind adding a backport comment to the commit message for traceability since it seems to be lost with bzr.

Something like

bzr merge -c 457 lp:snappy or "changes from lp:~mterry/snappy/allow-more-dots"

Looks good

lp:~mterry/snappy/allow-more-dots-15.04 updated
447. By Michael Terry

Backport r457 from trunk, which allows .. in file paths as long as it isn't an entire element.

Revision history for this message
Michael Terry (mterry) wrote :

OK try now. I used merge instead of diff/patch and mentioned the revision in the commit.

Revision history for this message
John Lenton (chipaca) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'clickdeb/deb.go'
2--- clickdeb/deb.go 2015-04-23 11:12:32 +0000
3+++ clickdeb/deb.go 2015-06-03 19:12:35 +0000
4@@ -95,7 +95,9 @@
5 // - no relative path allowed to prevent writing outside of the parent dir
6 func clickVerifyContentFn(path string) (string, error) {
7 path = filepath.Clean(path)
8- if strings.Contains(path, "..") {
9+ // Clean() will remove any internal ".." elements, except if it's a relative
10+ // path and the ".." element is the first one. So let's check for that:
11+ if path == ".." || strings.HasPrefix(path, "../") {
12 return "", ErrSnapInvalidContent
13 }
14
15
16=== modified file 'clickdeb/deb_test.go'
17--- clickdeb/deb_test.go 2015-04-13 20:58:56 +0000
18+++ clickdeb/deb_test.go 2015-06-03 19:12:35 +0000
19@@ -152,11 +152,22 @@
20 c.Assert(newPath, Equals, "foo/baz")
21 }
22
23+func (s *ClickDebTestSuite) TestClickVerifyContentFnThreeDotsOk(c *C) {
24+ newPath, err := clickVerifyContentFn(".../foo")
25+ c.Assert(err, IsNil)
26+ c.Assert(newPath, Equals, ".../foo")
27+}
28+
29 func (s *ClickDebTestSuite) TestClickVerifyContentFnNotOk(c *C) {
30 _, err := clickVerifyContentFn("./foo/../../baz")
31 c.Assert(err, Equals, ErrSnapInvalidContent)
32 }
33
34+func (s *ClickDebTestSuite) TestClickVerifyContentFnJustTwoDotsNotOk(c *C) {
35+ _, err := clickVerifyContentFn("..")
36+ c.Assert(err, Equals, ErrSnapInvalidContent)
37+}
38+
39 func (s *ClickDebTestSuite) TestTarCreate(c *C) {
40 // setup
41 builddir := c.MkDir()

Subscribers

People subscribed via source and target branches