cerc-io/solidity
16
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #11236 from ethereum/fix-allowed-paths-with-stdin

Browse Source 
Fix stdin bypassing allowed paths
This commit is contained in:
chriseth 2021-04-19 18:03:05 +02:00 committed by GitHub
commit 8d169d3615
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Changelog.md
View File

@ -26,6 +26,7 @@ Compiler Features:
Bugfixes:
* Antlr Grammar: Fix parsing of import paths involving properly distinguishing between empty and non-empty string literals in general.
* AST Output: Fix ``kind`` field of ``ModifierInvocation`` for base constructor calls.
* Commandline interface: Fix standard input bypassing allowed path checks.
* SMTChecker: Fix false positive and false negative on ``push`` as LHS of a compound assignment.
* SMTChecker: Fix false positive in contracts that cannot be deployed.
* SMTChecker: Fix internal error on public getter returning dynamic data on older EVM versions where these are not available.

9
solc/CommandLineInterface.cpp
View File

@ -585,15 +585,15 @@ bool CommandLineInterface::readInputFilesAndConfigureRemappings()
if (eq != path.end())
{
if (auto r = ImportRemapper::parseRemapping(path))
{
m_remappings.emplace_back(std::move(*r));
path = string(eq + 1, path.end());
}
else
{
serr() << "Invalid remapping: \"" << path << "\"." << endl;
return false;
}
string remappingTarget(eq + 1, path.end());
m_fileReader.allowDirectory(boost::filesystem::path(remappingTarget).remove_filename());
}
else if (path == "-")
addStdin = true;
@ -628,9 +628,8 @@ bool CommandLineInterface::readInputFilesAndConfigureRemappings()
// NOTE: we ignore the FileNotFound exception as we manually check above
m_fileReader.setSource(infile, readFileAsString(infile.string()));
path = boost::filesystem::canonical(infile).string();
m_fileReader.allowDirectory(boost::filesystem::path(boost::filesystem::canonical(infile).string()).remove_filename());
}
m_fileReader.allowDirectory(boost::filesystem::path(path).remove_filename());
}
if (addStdin)

1
test/cmdlineTests/stdin_allowed_paths/args Normal file
View File

@ -0,0 +1 @@
-

11
test/cmdlineTests/stdin_allowed_paths/err Normal file
View File

@ -0,0 +1,11 @@
Error: Source "too_long_line/input.sol" not found: File outside of allowed directories.
--> <stdin>:4:1:
|
4 | import "../too_long_line/input.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Source "error_codes/input.sol" not found: File outside of allowed directories.
--> stdin_allowed_paths/input.sol:4:1:
|
4 | import "../error_codes/input.sol";
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

1
test/cmdlineTests/stdin_allowed_paths/exit Normal file
View File

@ -0,0 +1 @@
1

4
test/cmdlineTests/stdin_allowed_paths/input.sol Normal file
View File

@ -0,0 +1,4 @@
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.0;
import "../error_codes/input.sol";

4
test/cmdlineTests/stdin_allowed_paths/stdin Normal file
View File

@ -0,0 +1,4 @@
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.0;
import "../too_long_line/input.sol";