Skip to content

Commit

Permalink
fix: allow access to '..' in mapfs (aquasecurity#7575)
Browse files Browse the repository at this point in the history
Signed-off-by: nikpivkin <[email protected]>
  • Loading branch information
nikpivkin authored and fhielpos committed Dec 20, 2024
1 parent ca94c0d commit 0efa91d
Show file tree
Hide file tree
Showing 4 changed files with 31 additions and 4 deletions.
12 changes: 8 additions & 4 deletions pkg/mapfs/fs.go
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ func (m *FS) CopyFilesUnder(dir string) error {

// Stat returns a FileInfo describing the file.
func (m *FS) Stat(name string) (fs.FileInfo, error) {
if strings.HasPrefix(name, "../") && m.underlyingRoot != "" {
if m.isPathAboveRoot(name) {
return os.Stat(filepath.Join(m.underlyingRoot, name))
}

Expand All @@ -145,15 +145,15 @@ func (m *FS) Stat(name string) (fs.FileInfo, error) {
// ReadDir reads the named directory
// and returns a list of directory entries sorted by filename.
func (m *FS) ReadDir(name string) ([]fs.DirEntry, error) {
if strings.HasPrefix(name, "../") && m.underlyingRoot != "" {
if m.isPathAboveRoot(name) {
return os.ReadDir(filepath.Join(m.underlyingRoot, name))
}
return m.root.ReadDir(cleanPath(name))
}

// Open opens the named file for reading.
func (m *FS) Open(name string) (fs.File, error) {
if strings.HasPrefix(name, "../") && m.underlyingRoot != "" {
if m.isPathAboveRoot(name) {
return os.Open(filepath.Join(m.underlyingRoot, name))
}
return m.root.Open(cleanPath(name))
Expand Down Expand Up @@ -188,7 +188,7 @@ func (m *FS) MkdirAll(path string, perm fs.FileMode) error {
// The caller is permitted to modify the returned byte slice.
// This method should return a copy of the underlying data.
func (m *FS) ReadFile(name string) ([]byte, error) {
if strings.HasPrefix(name, "../") && m.underlyingRoot != "" {
if m.isPathAboveRoot(name) {
return os.ReadFile(filepath.Join(m.underlyingRoot, name))
}

Expand Down Expand Up @@ -245,3 +245,7 @@ func cleanPath(path string) string {
path = strings.TrimLeft(path, "/") // Remove the leading slash
return path
}

func (m *FS) isPathAboveRoot(name string) bool {
return (name == ".." || strings.HasPrefix(name, "../")) && m.underlyingRoot != ""
}
23 changes: 23 additions & 0 deletions pkg/mapfs/fs_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -478,3 +478,26 @@ func TestFS_RemoveAll(t *testing.T) {
require.ErrorIs(t, err, fs.ErrNotExist)
})
}

func TestFS_WithUnderlyingRoot(t *testing.T) {
root := "testdata/subdir"
fsys := mapfs.New(mapfs.WithUnderlyingRoot(root))
require.NoError(t, fsys.WriteFile("foo.txt", root+"/foo.txt"))
require.NoError(t, fsys.WriteFile("..foo.txt", root+"/..foo.txt"))

fi, err := fsys.Stat("..")
require.NoError(t, err)
assert.True(t, fi.IsDir())

fi, err = fsys.Stat("../hello.txt")
require.NoError(t, err)
assert.False(t, fi.IsDir())

fi, err = fsys.Stat("foo.txt")
require.NoError(t, err)
assert.False(t, fi.IsDir())

fi, err = fsys.Stat("..foo.txt")
require.NoError(t, err)
assert.False(t, fi.IsDir())
}
Empty file.
Empty file.

0 comments on commit 0efa91d

Please sign in to comment.