refactor: Clean incoming filepaths before passing them to STFS

2022-01-13 19:11:40 +01:00
parent 44ea6f1573
commit 187715f7b2
2 changed files with 41 additions and 4 deletions
--- a/pkg/fs/filesystem.go
+++ b/pkg/fs/filesystem.go
@@ -97,6 +97,8 @@ func (f *STFS) Create(name string) (afero.File, error) {
 		return nil, os.ErrInvalid
 	}

+	name = cleanName(name)
+
 	if _, err := inventory.Stat(
 		f.metadata,

@@ -281,6 +283,8 @@ func (f *STFS) Mkdir(name string, perm os.FileMode) error {
 		return os.ErrPermission
 	}

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -323,6 +327,8 @@ func (f *STFS) MkdirAll(path string, perm os.FileMode) error {
 		return os.ErrPermission
 	}

+	path = cleanName(path)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -366,6 +372,8 @@ func (f *STFS) Open(name string) (afero.File, error) {
 		return nil, os.ErrInvalid
 	}

+	name = cleanName(name)
+
 	return f.OpenFile(name, os.O_RDONLY, 0)
 }

@@ -380,6 +388,8 @@ func (f *STFS) OpenFile(name string, flag int, perm os.FileMode) (afero.File, er
 		return nil, os.ErrInvalid
 	}

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -496,6 +506,8 @@ func (f *STFS) Remove(name string) error {
 		return os.ErrPermission
 	}

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -557,6 +569,8 @@ func (f *STFS) RemoveAll(path string) error {
 		return os.ErrPermission
 	}

+	path = cleanName(path)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -586,6 +600,9 @@ func (f *STFS) Rename(oldname, newname string) error {
 		return os.ErrInvalid
 	}

+	oldname = cleanName(oldname)
+	newname = cleanName(newname)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -652,6 +669,8 @@ func (f *STFS) Stat(name string) (os.FileInfo, error) {
 		"name": name,
 	})

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -718,6 +737,8 @@ func (f *STFS) Chmod(name string, mode os.FileMode) error {
 		return os.ErrInvalid
 	}

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -757,6 +778,8 @@ func (f *STFS) Chown(name string, uid, gid int) error {
 		return os.ErrInvalid
 	}

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -797,6 +820,8 @@ func (f *STFS) Chtimes(name string, atime time.Time, mtime time.Time) error {
 		return os.ErrInvalid
 	}

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -827,10 +852,6 @@ func (f *STFS) lstatIfPossibleWithoutLocking(name string) (os.FileInfo, bool, er
 		"name": name,
 	})

-	if checkName(name) {
-		return nil, true, os.ErrInvalid
-	}
-
 	hdr, err := inventory.Stat(
 		f.metadata,

@@ -859,6 +880,8 @@ func (f *STFS) LstatIfPossible(name string) (os.FileInfo, bool, error) {
 		return nil, true, os.ErrInvalid
 	}

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -883,6 +906,9 @@ func (f *STFS) SymlinkIfPossible(oldname, newname string) error {
 		return os.ErrInvalid
 	}

+	oldname = cleanName(oldname)
+	newname = cleanName(newname)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -898,6 +924,8 @@ func (f *STFS) ReadlinkIfPossible(name string) (string, error) {
 		return "", os.ErrInvalid
 	}

+	name = cleanName(name)
+
 	f.ioLock.Lock()
 	defer f.ioLock.Unlock()

@@ -912,3 +940,7 @@ func (f *STFS) ReadlinkIfPossible(name string) (string, error) {
 func checkName(name string) bool {
 	return len(name) == 0
 }
+
+func cleanName(name string) string {
+	return filepath.Clean(name)
+}
--- a/pkg/fs/filesystem_test.go
+++ b/pkg/fs/filesystem_test.go
@@ -639,6 +639,11 @@ var createTests = []struct {
 		createArgs{"/test.txt"},
 		false,
 	},
+	{
+		"Can create file /test.txt/",
+		createArgs{"/test.txt/"},
+		false,
+	},
 	{
 		"Can not create existing file/directory /",
 		createArgs{"/"},