From c0b83787821e0e2f609a0b92884e3b8c071e6afb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kamil=20=C5=9Aliwak?=
Date: Fri, 23 Jul 2021 20:27:50 +0200
Subject: [PATCH] Do not whitelist any paths if remapping target is empty
---
 solc/CommandLineParser.cpp | 19 +++++++++++--------
 test/solc/CommandLineInterfaceAllowPaths.cpp | 2 +-
 test/solc/CommandLineParser.cpp | 4 ++--
 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/solc/CommandLineParser.cpp b/solc/CommandLineParser.cpp
index 62611eac1..d74bcbf04 100644
--- a/solc/CommandLineParser.cpp
+++ b/solc/CommandLineParser.cpp
@@ -356,14 +356,17 @@ bool CommandLineParser::parseInputPathsAndRemappings()
 return false;
 }
- // If the target is a directory, whitelist it. Otherwise whitelist containing dir.
- // NOTE: /a/b/c/ is a directory while /a/b/c is not.
- boost::filesystem::path remappingDir = remapping->target;
- if (remappingDir.filename() != "..")
- // As an exception we'll treat /a/b/c/.. as a directory too. It would be
- // unintuitive to whitelist /a/b/c when the target is equivalent to /a/b/.
- remappingDir.remove_filename();
- m_options.input.allowedDirectories.insert(remappingDir.empty() ? "." : remappingDir);
+ if (!remapping->target.empty())
+ {
+ // If the target is a directory, whitelist it. Otherwise whitelist containing dir.
+ // NOTE: /a/b/c/ is a directory while /a/b/c is not.
+ boost::filesystem::path remappingDir = remapping->target;
+ if (remappingDir.filename() != "..")
+ // As an exception we'll treat /a/b/c/.. as a directory too. It would be
+ // unintuitive to whitelist /a/b/c when the target is equivalent to /a/b/.
+ remappingDir.remove_filename();
+ m_options.input.allowedDirectories.insert(remappingDir.empty() ? "." : remappingDir);
+ }
 m_options.input.remappings.emplace_back(move(remapping.value()));
 }
diff --git a/test/solc/CommandLineInterfaceAllowPaths.cpp b/test/solc/CommandLineInterfaceAllowPaths.cpp
index b69639d3c..bf6cf81bc 100644
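Review bot: The `remappingDir.empty() ? "." : remappingDir` fallback inside the new `if (!remapping->target.empty())` block is still reachable, so the allow-list can still be widened to `.`: a non-empty target with no directory part (a bare file name, for instance) should come out of `remove_filename()` as an empty path, and `.` is then inserted. After this change a reader can easily take that ternary for dead code, so I would document it right above the insert, e.g. `// A target with no directory component leaves remappingDir empty; whitelist "." in that case.`. The test hunks in this patch only drop `.` for the empty-target case; a case pinning the bare-file-name behaviour would make the intent explicit, if one does not already exist elsewhere. parseInputPathsAndRemappings() starts and ends outside the hunk.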
--- a/test/solc/CommandLineInterfaceAllowPaths.cpp
+++ b/test/solc/CommandLineInterfaceAllowPaths.cpp
@@ -418,7 +418,7 @@ BOOST_FIXTURE_TEST_CASE(allow_path_automatic_whitelisting_remappings, AllowPaths
 // Adding a remapping with an empty target does not whitelist anything
 BOOST_TEST(checkImport("import '" + m_portablePrefix + "/a/b/c.sol'", {m_portablePrefix + "="}) == ImportCheck::PathDisallowed());
 BOOST_TEST(checkImport("import '" + m_portablePrefix + "/a/b/c.sol'", {"../code/="}) == ImportCheck::PathDisallowed());
- BOOST_TEST(checkImport("import '/../work/a/b/c.sol'", {"../code/=", "--base-path", m_portablePrefix}));
+ BOOST_TEST(checkImport("import '/../work/a/b/c.sol'", {"../code/=", "--base-path", m_portablePrefix}) == ImportCheck::PathDisallowed());
 // Adding a remapping that includes .. or . segments whitelists the parent dir and subdirectories
 // of the resolved target
diff --git a/test/solc/CommandLineParser.cpp b/test/solc/CommandLineParser.cpp
index 142ba31af..5644aaadd 100644
--- a/test/solc/CommandLineParser.cpp
+++ b/test/solc/CommandLineParser.cpp
@@ -168,7 +168,7 @@ BOOST_AUTO_TEST_CASE(cli_mode_options)
 expectedOptions.input.addStdin = true;
 expectedOptions.input.basePath = "/home/user/";
- expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", ".", "c", "/usr/lib"};
+ expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", "c", "/usr/lib"};
 expectedOptions.input.ignoreMissingFiles = true;
 expectedOptions.input.errorRecovery = (inputMode == InputMode::Compiler);
 expectedOptions.output.dir = "/tmp/out";
@@ -307,7 +307,7 @@ BOOST_AUTO_TEST_CASE(assembly_mode_options)
 };
 expectedOptions.input.addStdin = true;
 expectedOptions.input.basePath = "/home/user/";
- expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", ".", "c", "/usr/lib"};
+ expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", "c", "/usr/lib"};
 expectedOptions.input.ignoreMissingFiles = true;
 expectedOptions.output.overwriteFiles = true;
 expectedOptions.output.evmVersion = EVMVersion::spuriousDragon();