cerc-io/solidity
15
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Check for path permissions before opening file in the CLI file reader

Browse Source
This commit is contained in:
Alex Beregszaszi 2017-04-20 20:01:17 +01:00
parent 965de29772
commit b30fad4a49
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
solc/CommandLineInterface.cpp
View File

@ -638,8 +638,6 @@ bool CommandLineInterface::processInput()
ReadFile::Callback fileReader = [this](string const& _path) ReadFile::Callback fileReader = [this](string const& _path)
{ {
auto path = boost::filesystem::path(_path); auto path = boost::filesystem::path(_path);
if (!boost::filesystem::exists(path))
return ReadFile::Result{false, "File not found."};
auto canonicalPath = boost::filesystem::canonical(path); auto canonicalPath = boost::filesystem::canonical(path);
bool isAllowed = false; bool isAllowed = false;
for (auto const& allowedDir: m_allowedDirectories) for (auto const& allowedDir: m_allowedDirectories)
@ -656,6 +654,8 @@ bool CommandLineInterface::processInput()
} }
if (!isAllowed) if (!isAllowed)
return ReadFile::Result{false, "File outside of allowed directories."}; return ReadFile::Result{false, "File outside of allowed directories."};
else if (!boost::filesystem::exists(path))
return ReadFile::Result{false, "File not found."};
else if (!boost::filesystem::is_regular_file(canonicalPath)) else if (!boost::filesystem::is_regular_file(canonicalPath))
return ReadFile::Result{false, "Not a valid file."}; return ReadFile::Result{false, "Not a valid file."};
else else