Do not whitelist any paths if remapping target is empty

Kamil Śliwak 2021-07-23 20:27:50 +02:00
parent 8a8471d9cc
commit c0b8378782
3 changed files with 14 additions and 11 deletions


@ -356,14 +356,17 @@ bool CommandLineParser::parseInputPathsAndRemappings()
return false; return false;
} }
// If the target is a directory, whitelist it. Otherwise whitelist containing dir. if (!remapping->target.empty())
// NOTE: /a/b/c/ is a directory while /a/b/c is not. {
boost::filesystem::path remappingDir = remapping->target; // If the target is a directory, whitelist it. Otherwise whitelist containing dir.
if (remappingDir.filename() != "..") // NOTE: /a/b/c/ is a directory while /a/b/c is not.
// As an exception we'll treat /a/b/c/.. as a directory too. It would be boost::filesystem::path remappingDir = remapping->target;
// unintuitive to whitelist /a/b/c when the target is equivalent to /a/b/. if (remappingDir.filename() != "..")
remappingDir.remove_filename(); // As an exception we'll treat /a/b/c/.. as a directory too. It would be
m_options.input.allowedDirectories.insert(remappingDir.empty() ? "." : remappingDir); // unintuitive to whitelist /a/b/c when the target is equivalent to /a/b/.
remappingDir.remove_filename();
m_options.input.allowedDirectories.insert(remappingDir.empty() ? "." : remappingDir);
}
m_options.input.remappings.emplace_back(move(remapping.value())); m_options.input.remappings.emplace_back(move(remapping.value()));
} }
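Review bot: The `remappingDir.empty() ? "." : remappingDir` fallback inside the new `if (!remapping->target.empty())` block is still reachable and still whitelists the working directory, because a target with no directory component (a bare file name) becomes empty after `remove_filename()`. Now that the empty-target case is excluded, that line can be mistaken for dead code, so it deserves a comment saying the implicit grant is intended, for example `// Target has no directory part (e.g. "c.sol"): its containing dir is the working directory.` A test pinning that case next to the empty-target ones would also help, since it decides which files imports are allowed to read. The enclosing function begins and ends outside this hunk.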


@ -418,7 +418,7 @@ BOOST_FIXTURE_TEST_CASE(allow_path_automatic_whitelisting_remappings, AllowPaths
// Adding a remapping with an empty target does not whitelist anything // Adding a remapping with an empty target does not whitelist anything
BOOST_TEST(checkImport("import '" + m_portablePrefix + "/a/b/c.sol'", {m_portablePrefix + "="}) == ImportCheck::PathDisallowed()); BOOST_TEST(checkImport("import '" + m_portablePrefix + "/a/b/c.sol'", {m_portablePrefix + "="}) == ImportCheck::PathDisallowed());
BOOST_TEST(checkImport("import '" + m_portablePrefix + "/a/b/c.sol'", {"../code/="}) == ImportCheck::PathDisallowed()); BOOST_TEST(checkImport("import '" + m_portablePrefix + "/a/b/c.sol'", {"../code/="}) == ImportCheck::PathDisallowed());
BOOST_TEST(checkImport("import '/../work/a/b/c.sol'", {"../code/=", "--base-path", m_portablePrefix})); BOOST_TEST(checkImport("import '/../work/a/b/c.sol'", {"../code/=", "--base-path", m_portablePrefix}) == ImportCheck::PathDisallowed());
// Adding a remapping that includes .. or . segments whitelists the parent dir and subdirectories // Adding a remapping that includes .. or . segments whitelists the parent dir and subdirectories
// of the resolved target // of the resolved target


@ -168,7 +168,7 @@ BOOST_AUTO_TEST_CASE(cli_mode_options)
expectedOptions.input.addStdin = true; expectedOptions.input.addStdin = true;
expectedOptions.input.basePath = "/home/user/"; expectedOptions.input.basePath = "/home/user/";
expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", ".", "c", "/usr/lib"}; expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", "c", "/usr/lib"};
expectedOptions.input.ignoreMissingFiles = true; expectedOptions.input.ignoreMissingFiles = true;
expectedOptions.input.errorRecovery = (inputMode == InputMode::Compiler); expectedOptions.input.errorRecovery = (inputMode == InputMode::Compiler);
expectedOptions.output.dir = "/tmp/out"; expectedOptions.output.dir = "/tmp/out";
@ -307,7 +307,7 @@ BOOST_AUTO_TEST_CASE(assembly_mode_options)
}; };
expectedOptions.input.addStdin = true; expectedOptions.input.addStdin = true;
expectedOptions.input.basePath = "/home/user/"; expectedOptions.input.basePath = "/home/user/";
expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", ".", "c", "/usr/lib"}; expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", "c", "/usr/lib"};
expectedOptions.input.ignoreMissingFiles = true; expectedOptions.input.ignoreMissingFiles = true;
expectedOptions.output.overwriteFiles = true; expectedOptions.output.overwriteFiles = true;
expectedOptions.output.evmVersion = EVMVersion::spuriousDragon(); expectedOptions.output.evmVersion = EVMVersion::spuriousDragon();