From bd5a73e09a5f1ef993abf2415c6526172e3c97b5 Mon Sep 17 00:00:00 2001
From: "Aaron.Zhang"
Date: Fri, 14 Jun 2024 13:01:37 +0800
Subject: [PATCH] use exact match for illegal path check (#34539)

In our environment, the file system directory is as follows:
Tue Jun 04 22:28:35][#48# ]$df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 77G 104K 77G 1% /dev/shm
tmpfs 31G 9.8M 31G 1% /run
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 4.0M 0 4.0M 0% /sys/fs/cgroup
/dev/mapper/atomicos-root 150G 144G 5.8G 97% /sysroot
/dev/vda2 483M 84M 400M 18% /boot
/dev/vdc 1.2T 87G 1.1T 8% /sysroot/home/centos/external
We have a directory named /sysroot. If the envoy config file is the that directory, envoy can not start up.
[2024-06-04 22:28:35.581][3382724][critical][main] [source/server/server.cc:131] error initializing configuration 'configs/envoy.yaml': Invalid path: configs/envoy.yaml
[2024-06-04 22:28:35.581][3382724][info][main] [source/server/server.cc:972] exiting
Invalid path: configs/envoy.yaml
In my mind, envoy should only check the default system directory such as /dev /sys /proc as illegal path. So it is better to use exact match instead of startwith match.

Signed-off-by: Zhang Bo
---
 source/common/filesystem/posix/filesystem_impl.cc | 10 +++++++---
 tools/spelling/spelling_dictionary.txt | 1 +
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/source/common/filesystem/posix/filesystem_impl.cc b/source/common/filesystem/posix/filesystem_impl.cc
index d9714ce37b9b..b10aa7bdee18 100644
--- a/source/common/filesystem/posix/filesystem_impl.cc
+++ b/source/common/filesystem/posix/filesystem_impl.cc
@@ -339,9 +339,13 @@ bool InstanceImplPosix::illegalPath(const std::string& path) {
 // platform in the future, growing these or relaxing some constraints (e.g.
 // there are valid reasons to go via /proc for file paths).
 // TODO(htuch): Optimize this as a hash lookup if we grow any further.
- if (absl::StartsWith(canonical_path.return_value_, "/dev") ||
- absl::StartsWith(canonical_path.return_value_, "/sys") ||
- absl::StartsWith(canonical_path.return_value_, "/proc")) {
+ // It will allow the canonical path such as /sysroot/ which is not the
+ // default reserved directories (/dev, /sys, /proc)
+ if (absl::StartsWith(canonical_path.return_value_, "/dev/") ||
+ absl::StartsWith(canonical_path.return_value_, "/sys/") ||
+ absl::StartsWith(canonical_path.return_value_, "/proc/") ||
+ canonical_path.return_value_ == "/dev" || canonical_path.return_value_ == "/sys" ||
+ canonical_path.return_value_ == "/proc") {
 return true;
 }
 return false;
diff --git a/tools/spelling/spelling_dictionary.txt b/tools/spelling/spelling_dictionary.txt
index 4c8efee1ae6c..670192ef17d7 100644
--- a/tools/spelling/spelling_dictionary.txt
+++ b/tools/spelling/spelling_dictionary.txt
@@ -1349,6 +1349,7 @@ sys
 syscall
 syscalls
 sysctl
+sysroot
 sz
 tchar
 tchars
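Review bot: The diffstat lists no test change, so the new boundary behaviour of the condition in this hunk — `/sysroot/...` now accepted while `/dev`, `/dev/null` and `/proc/self/...` are still rejected — is not pinned by any test; one case per path in the filesystem tests would catch a regression back to either the old over-broad prefix or an accidentally loose match. The added comment is hard to read; suggest `// Reject the reserved directories themselves and anything under them, but not siblings such as /sysroot.` and, since the `/`-boundary check is only sound because `canonical_path` was already resolved (symlinks and `..` collapsed) before this point, a second line saying the check assumes a canonical path. The six-way condition can be folded into a loop over the reserved names, which also keeps the existing TODO about growing the list honest; illegalPath's opening and closing lines are outside the hunk.
```cpp
  // TODO(htuch): Optimize this as a hash lookup if we grow any further.
  // Reject the reserved directories themselves and anything under them, but not
  // siblings such as /sysroot. Relies on canonical_path being fully resolved.
  const auto& resolved = canonical_path.return_value_;
  for (absl::string_view reserved : {"/dev", "/sys", "/proc"}) {
    if (absl::StartsWith(resolved, reserved) &&
        (resolved.size() == reserved.size() || resolved[reserved.size()] == '/')) {
      return true;
    }
  }
  return false;
```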