Skip to content

Commit

Permalink
Add disallowed filenames validator
Browse files Browse the repository at this point in the history
Co-authored-by: Julian Koberg <[email protected]>
Co-authored-by: Ralf Haferkamp <[email protected]>

Signed-off-by: Christian Richter <[email protected]>
  • Loading branch information
dragonchaser committed Jun 11, 2024
1 parent c9da900 commit 209cc1d
Show file tree
Hide file tree
Showing 5 changed files with 27 additions and 1 deletion.
7 changes: 7 additions & 0 deletions changelog/unreleased/filename-validator.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
Bugfix: Disallow illegal filenames filter

We have created a validator that checks if a filename is in a list of forbidden filenames.
This list is defined in the config file and can be extended by the administrator.

https://github.com/cs3org/reva/pull/4721
https://github.com/owncloud/ocis/issues/1002
2 changes: 1 addition & 1 deletion internal/grpc/services/gateway/storageprovider.go
Original file line number Diff line number Diff line change
Expand Up @@ -549,7 +549,7 @@ func (s *svc) InitiateFileDownload(ctx context.Context, req *provider.InitiateFi
func (s *svc) InitiateFileUpload(ctx context.Context, req *provider.InitiateFileUploadRequest) (*gateway.InitiateFileUploadResponse, error) {
var c provider.ProviderAPIClient
var err error
c, _, req.Ref, err = s.findAndUnwrap(ctx, req.Ref)
c, _, req.Ref, err = s.findAndUnwrapUnique(ctx, req.Ref)
if err != nil {
return &gateway.InitiateFileUploadResponse{
Status: status.NewStatusFromErrType(ctx, fmt.Sprintf("gateway could not find space for ref=%+v", req.Ref), err),
Expand Down
5 changes: 5 additions & 0 deletions internal/http/services/owncloud/ocdav/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ type Config struct {
// NameValidation is the validation configuration for file and folder names
type NameValidation struct {
InvalidChars []string `mapstructure:"invalid_chars"`
InvalidNames []string `mapstructure:"invalid_names"`
MaxLength int `mapstructure:"max_length"`
}

Expand Down Expand Up @@ -83,6 +84,10 @@ func (c *Config) Init() {
c.NameValidation.InvalidChars = []string{"\f", "\r", "\n", "\\"}
}

if c.NameValidation.InvalidNames == nil {
c.NameValidation.InvalidNames = []string{"..", "."}
}

if c.NameValidation.MaxLength == 0 {
c.NameValidation.MaxLength = 255
}
Expand Down
1 change: 1 addition & 0 deletions internal/http/services/owncloud/ocdav/tus.go
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,7 @@ func (s *svc) handleTusPost(ctx context.Context, w http.ResponseWriter, r *http.
w.WriteHeader(http.StatusPreconditionFailed)
return
}
log.Error().Interface("status", uRes.Status).Msg("error initiating file upload")
errors.HandleErrorStatus(&log, w, uRes.Status)
return
}
Expand Down
13 changes: 13 additions & 0 deletions internal/http/services/owncloud/ocdav/validation.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ func ValidatorsFromConfig(c *config.Config) []Validator {
// max length
vals = append(vals, isShorterThan(c.NameValidation.MaxLength))

vals = append(vals, invalidNames(c.NameValidation.InvalidNames))

return vals
}

Expand All @@ -35,6 +37,17 @@ func ValidateName(name string, validators []Validator) error {
return nil
}

func invalidNames(bad []string) Validator {
return func(s string) error {
for _, b := range bad {
if s == b {
return fmt.Errorf("must not be %s", b)
}
}
return nil
}
}

func notEmpty() Validator {
return func(s string) error {
if strings.TrimSpace(s) == "" {
Expand Down

0 comments on commit 209cc1d

Please sign in to comment.