mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Only allow including from allowed directories.
This commit is contained in:
parent
bdbb7d8a40
commit
0c5d892dba
@ -27,6 +27,7 @@
|
|||||||
#include <fstream>
|
#include <fstream>
|
||||||
|
|
||||||
#include <boost/filesystem.hpp>
|
#include <boost/filesystem.hpp>
|
||||||
|
#include <boost/filesystem/operations.hpp>
|
||||||
#include <boost/algorithm/string.hpp>
|
#include <boost/algorithm/string.hpp>
|
||||||
|
|
||||||
#include "solidity/BuildInfo.h"
|
#include "solidity/BuildInfo.h"
|
||||||
@ -313,10 +314,11 @@ void CommandLineInterface::readInputFilesAndConfigureRemappings()
|
|||||||
{
|
{
|
||||||
auto eq = find(infile.begin(), infile.end(), '=');
|
auto eq = find(infile.begin(), infile.end(), '=');
|
||||||
if (eq != infile.end())
|
if (eq != infile.end())
|
||||||
m_remappings.push_back(make_pair(
|
{
|
||||||
string(infile.begin(), eq),
|
string target(eq + 1, infile.end());
|
||||||
string(eq + 1, infile.end())
|
m_remappings.push_back(make_pair(string(infile.begin(), eq), target));
|
||||||
));
|
m_allowedDirectories.push_back(boost::filesystem::path(target).remove_filename());
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
auto path = boost::filesystem::path(infile);
|
auto path = boost::filesystem::path(infile);
|
||||||
@ -332,7 +334,8 @@ void CommandLineInterface::readInputFilesAndConfigureRemappings()
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
m_sourceCodes[infile] = dev::contentsString(infile);
|
m_sourceCodes[path.string()] = dev::contentsString(path.string());
|
||||||
|
m_allowedDirectories.push_back(boost::filesystem::canonical(path).remove_filename());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Add empty remapping to try the path itself.
|
// Add empty remapping to try the path itself.
|
||||||
@ -515,8 +518,9 @@ bool CommandLineInterface::processInput()
|
|||||||
|
|
||||||
function<pair<string,string>(string const&)> fileReader = [this](string const& _path)
|
function<pair<string,string>(string const&)> fileReader = [this](string const& _path)
|
||||||
{
|
{
|
||||||
// Try to find the longest prefix match in all remappings. At the end, there will be an
|
// Try to find the longest prefix match in all remappings. At the end, there will bean
|
||||||
// empty remapping so that we also try the path itself.
|
// empty remapping so that we also try the path itself, but any file should be either
|
||||||
|
// in (a subdirectory of) the directory of an explicit source or a remapping target.
|
||||||
int errorLevel = 0;
|
int errorLevel = 0;
|
||||||
size_t longestPrefix = 0;
|
size_t longestPrefix = 0;
|
||||||
string bestMatchPath;
|
string bestMatchPath;
|
||||||
@ -531,7 +535,26 @@ bool CommandLineInterface::processInput()
|
|||||||
path.append(_path.begin() + virt.length(), _path.end());
|
path.append(_path.begin() + virt.length(), _path.end());
|
||||||
auto boostPath = boost::filesystem::path(path);
|
auto boostPath = boost::filesystem::path(path);
|
||||||
if (!boost::filesystem::exists(boostPath))
|
if (!boost::filesystem::exists(boostPath))
|
||||||
|
{
|
||||||
errorLevel = max(errorLevel, 0);
|
errorLevel = max(errorLevel, 0);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
boostPath = boost::filesystem::canonical(boostPath);
|
||||||
|
bool isAllowed = false;
|
||||||
|
for (auto const& dir: m_allowedDirectories)
|
||||||
|
{
|
||||||
|
// If dir is a prefix of boostPath, we are fine.
|
||||||
|
if (
|
||||||
|
std::distance(dir.begin(), dir.end()) <= std::distance(boostPath.begin(), boostPath.end()) &&
|
||||||
|
std::equal(dir.begin(), dir.end(), boostPath.begin())
|
||||||
|
)
|
||||||
|
{
|
||||||
|
isAllowed = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!isAllowed)
|
||||||
|
errorLevel = max(errorLevel, 2);
|
||||||
else if (!boost::filesystem::is_regular_file(boostPath))
|
else if (!boost::filesystem::is_regular_file(boostPath))
|
||||||
errorLevel = max(errorLevel, 1);
|
errorLevel = max(errorLevel, 1);
|
||||||
else
|
else
|
||||||
@ -544,9 +567,10 @@ bool CommandLineInterface::processInput()
|
|||||||
return make_pair(m_sourceCodes[bestMatchPath] = dev::contentsString(bestMatchPath), string());
|
return make_pair(m_sourceCodes[bestMatchPath] = dev::contentsString(bestMatchPath), string());
|
||||||
if (errorLevel == 0)
|
if (errorLevel == 0)
|
||||||
return make_pair(string(), string("File not found."));
|
return make_pair(string(), string("File not found."));
|
||||||
else
|
else if (errorLevel == 1)
|
||||||
return make_pair(string(), string("Not a valid file."));
|
return make_pair(string(), string("Not a valid file."));
|
||||||
|
else
|
||||||
|
return make_pair(string(), string("File outside of allowed directories."));
|
||||||
};
|
};
|
||||||
|
|
||||||
m_compiler.reset(new CompilerStack(m_args.count(g_argAddStandard) > 0, fileReader));
|
m_compiler.reset(new CompilerStack(m_args.count(g_argAddStandard) > 0, fileReader));
|
||||||
|
@ -24,6 +24,7 @@
|
|||||||
#include <libsolidity/interface/CompilerStack.h>
|
#include <libsolidity/interface/CompilerStack.h>
|
||||||
#include <memory>
|
#include <memory>
|
||||||
#include <boost/program_options.hpp>
|
#include <boost/program_options.hpp>
|
||||||
|
#include <boost/filesystem/path.hpp>
|
||||||
|
|
||||||
namespace dev
|
namespace dev
|
||||||
{
|
{
|
||||||
@ -80,6 +81,8 @@ private:
|
|||||||
std::map<std::string, std::string> m_sourceCodes;
|
std::map<std::string, std::string> m_sourceCodes;
|
||||||
/// list of path prefix remappings, e.g. github.com/ethereum -> /usr/local/ethereum
|
/// list of path prefix remappings, e.g. github.com/ethereum -> /usr/local/ethereum
|
||||||
std::vector<std::pair<std::string, std::string>> m_remappings;
|
std::vector<std::pair<std::string, std::string>> m_remappings;
|
||||||
|
/// list of allowed directories to read files from
|
||||||
|
std::vector<boost::filesystem::path> m_allowedDirectories;
|
||||||
/// map of library names to addresses
|
/// map of library names to addresses
|
||||||
std::map<std::string, h160> m_libraries;
|
std::map<std::string, h160> m_libraries;
|
||||||
/// Solidity compiler stack
|
/// Solidity compiler stack
|
||||||
|
Loading…
Reference in New Issue
Block a user