From 0d4871ad105f7a41b6e5d624e4fdc5ebca37d07e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kamil=20=C5=9Aliwak?= <kamil.sliwak@codepoets.it>
Date: Sat, 10 Apr 2021 16:54:58 +0200
Subject: [PATCH] Prevent adding '-' CLI flag to allowed paths as if it was an
 actual file

- This resulted in a bug where using stdin was effectively disabling allowed path checks.
---
 Changelog.md                                    |  1 +
 solc/CommandLineInterface.cpp                   |  9 ++++-----
 test/cmdlineTests/stdin_allowed_paths/args      |  1 +
 test/cmdlineTests/stdin_allowed_paths/err       | 11 +++++++++++
 test/cmdlineTests/stdin_allowed_paths/exit      |  1 +
 test/cmdlineTests/stdin_allowed_paths/input.sol |  4 ++++
 test/cmdlineTests/stdin_allowed_paths/stdin     |  4 ++++
 7 files changed, 26 insertions(+), 5 deletions(-)
 create mode 100644 test/cmdlineTests/stdin_allowed_paths/args
 create mode 100644 test/cmdlineTests/stdin_allowed_paths/err
 create mode 100644 test/cmdlineTests/stdin_allowed_paths/exit
 create mode 100644 test/cmdlineTests/stdin_allowed_paths/input.sol
 create mode 100644 test/cmdlineTests/stdin_allowed_paths/stdin

diff --git a/Changelog.md b/Changelog.md
index b8244c205..38c1c040d 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -26,6 +26,7 @@ Compiler Features:
 Bugfixes:
  * Antlr Grammar: Fix parsing of import paths involving properly distinguishing between empty and non-empty string literals in general.
  * AST Output: Fix ``kind`` field of ``ModifierInvocation`` for base constructor calls.
+ * Commandline interface: Fix standard input bypassing allowed path checks.
  * SMTChecker: Fix false positive and false negative on ``push`` as LHS of a compound assignment.
  * SMTChecker: Fix false positive in contracts that cannot be deployed.
  * SMTChecker: Fix internal error on public getter returning dynamic data on older EVM versions where these are not available.
diff --git a/solc/CommandLineInterface.cpp b/solc/CommandLineInterface.cpp
index d0c9e81ee..cb282c5c6 100644
--- a/solc/CommandLineInterface.cpp
+++ b/solc/CommandLineInterface.cpp
@@ -585,15 +585,15 @@ bool CommandLineInterface::readInputFilesAndConfigureRemappings()
 			if (eq != path.end())
 			{
 				if (auto r = ImportRemapper::parseRemapping(path))
-				{
 					m_remappings.emplace_back(std::move(*r));
-					path = string(eq + 1, path.end());
-				}
 				else
 				{
 					serr() << "Invalid remapping: \"" << path << "\"." << endl;
 					return false;
 				}
+
+				string remappingTarget(eq + 1, path.end());
+				m_fileReader.allowDirectory(boost::filesystem::path(remappingTarget).remove_filename());
 			}
 			else if (path == "-")
 				addStdin = true;
@@ -628,9 +628,8 @@ bool CommandLineInterface::readInputFilesAndConfigureRemappings()
 
 				// NOTE: we ignore the FileNotFound exception as we manually check above
 				m_fileReader.setSource(infile, readFileAsString(infile.string()));
-				path = boost::filesystem::canonical(infile).string();
+				m_fileReader.allowDirectory(boost::filesystem::path(boost::filesystem::canonical(infile).string()).remove_filename());
 			}
-			m_fileReader.allowDirectory(boost::filesystem::path(path).remove_filename());
 		}
 
 	if (addStdin)
diff --git a/test/cmdlineTests/stdin_allowed_paths/args b/test/cmdlineTests/stdin_allowed_paths/args
new file mode 100644
index 000000000..39cdd0ded
--- /dev/null
+++ b/test/cmdlineTests/stdin_allowed_paths/args
@@ -0,0 +1 @@
+-
diff --git a/test/cmdlineTests/stdin_allowed_paths/err b/test/cmdlineTests/stdin_allowed_paths/err
new file mode 100644
index 000000000..e25a6567c
--- /dev/null
+++ b/test/cmdlineTests/stdin_allowed_paths/err
@@ -0,0 +1,11 @@
+Error: Source "too_long_line/input.sol" not found: File outside of allowed directories.
+ --> <stdin>:4:1:
+  |
+4 | import "../too_long_line/input.sol";
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Error: Source "error_codes/input.sol" not found: File outside of allowed directories.
+ --> stdin_allowed_paths/input.sol:4:1:
+  |
+4 | import "../error_codes/input.sol";
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/test/cmdlineTests/stdin_allowed_paths/exit b/test/cmdlineTests/stdin_allowed_paths/exit
new file mode 100644
index 000000000..d00491fd7
--- /dev/null
+++ b/test/cmdlineTests/stdin_allowed_paths/exit
@@ -0,0 +1 @@
+1
diff --git a/test/cmdlineTests/stdin_allowed_paths/input.sol b/test/cmdlineTests/stdin_allowed_paths/input.sol
new file mode 100644
index 000000000..dfe1f7070
--- /dev/null
+++ b/test/cmdlineTests/stdin_allowed_paths/input.sol
@@ -0,0 +1,4 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity >=0.0;
+
+import "../error_codes/input.sol";
diff --git a/test/cmdlineTests/stdin_allowed_paths/stdin b/test/cmdlineTests/stdin_allowed_paths/stdin
new file mode 100644
index 000000000..776d152d7
--- /dev/null
+++ b/test/cmdlineTests/stdin_allowed_paths/stdin
@@ -0,0 +1,4 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity >=0.0;
+
+import "../too_long_line/input.sol";