Do not whitelist any paths if remapping target is empty

2023-10-03 13:03:40 +00:00 · 2021-07-23 20:27:50 +02:00 · 2021-07-23 20:27:50 +02:00 · c0b8378782
commit c0b8378782
parent 8a8471d9cc
3 changed files with 14 additions and 11 deletions
--- a/solc/CommandLineParser.cpp
+++ b/solc/CommandLineParser.cpp
@ -356,14 +356,17 @@ bool CommandLineParser::parseInputPathsAndRemappings()
 					return false;
 				}

-				// If the target is a directory, whitelist it. Otherwise whitelist containing dir.
-				// NOTE: /a/b/c/ is a directory while /a/b/c is not.
-				boost::filesystem::path remappingDir = remapping->target;
-				if (remappingDir.filename() != "..")
-					// As an exception we'll treat /a/b/c/.. as a directory too. It would be
-					// unintuitive to whitelist /a/b/c when the target is equivalent to /a/b/.
-					remappingDir.remove_filename();
-				m_options.input.allowedDirectories.insert(remappingDir.empty() ? "." : remappingDir);
+				if (!remapping->target.empty())
+				{
+					// If the target is a directory, whitelist it. Otherwise whitelist containing dir.
+					// NOTE: /a/b/c/ is a directory while /a/b/c is not.
+					boost::filesystem::path remappingDir = remapping->target;
+					if (remappingDir.filename() != "..")
+						// As an exception we'll treat /a/b/c/.. as a directory too. It would be
+						// unintuitive to whitelist /a/b/c when the target is equivalent to /a/b/.
+						remappingDir.remove_filename();
+					m_options.input.allowedDirectories.insert(remappingDir.empty() ? "." : remappingDir);
+				}

 				m_options.input.remappings.emplace_back(move(remapping.value()));
 			}
--- a/test/solc/CommandLineInterfaceAllowPaths.cpp
+++ b/test/solc/CommandLineInterfaceAllowPaths.cpp
@ -418,7 +418,7 @@ BOOST_FIXTURE_TEST_CASE(allow_path_automatic_whitelisting_remappings, AllowPaths
 	// Adding a remapping with an empty target does not whitelist anything
 	BOOST_TEST(checkImport("import '" + m_portablePrefix + "/a/b/c.sol'", {m_portablePrefix + "="}) == ImportCheck::PathDisallowed());
 	BOOST_TEST(checkImport("import '" + m_portablePrefix + "/a/b/c.sol'", {"../code/="}) == ImportCheck::PathDisallowed());
-	BOOST_TEST(checkImport("import '/../work/a/b/c.sol'", {"../code/=", "--base-path", m_portablePrefix}));
+	BOOST_TEST(checkImport("import '/../work/a/b/c.sol'", {"../code/=", "--base-path", m_portablePrefix}) == ImportCheck::PathDisallowed());

 	// Adding a remapping that includes .. or . segments whitelists the parent dir and subdirectories
 	// of the resolved target
--- a/test/solc/CommandLineParser.cpp
+++ b/test/solc/CommandLineParser.cpp
@ -168,7 +168,7 @@ BOOST_AUTO_TEST_CASE(cli_mode_options)

 		expectedOptions.input.addStdin = true;
 		expectedOptions.input.basePath = "/home/user/";
-		expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", ".", "c", "/usr/lib"};
+		expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", "c", "/usr/lib"};
 		expectedOptions.input.ignoreMissingFiles = true;
 		expectedOptions.input.errorRecovery = (inputMode == InputMode::Compiler);
 		expectedOptions.output.dir = "/tmp/out";
@ -307,7 +307,7 @@ BOOST_AUTO_TEST_CASE(assembly_mode_options)
 		};
 		expectedOptions.input.addStdin = true;
 		expectedOptions.input.basePath = "/home/user/";
-		expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", ".", "c", "/usr/lib"};
+		expectedOptions.input.allowedDirectories = {"/tmp", "/home", "project", "../contracts", "c", "/usr/lib"};
 		expectedOptions.input.ignoreMissingFiles = true;
 		expectedOptions.output.overwriteFiles = true;
 		expectedOptions.output.evmVersion = EVMVersion::spuriousDragon();