Merge branch 'path_fixes' into 'master'

Path fixes Improve the path handling in Grit to guard against path traversal and accidentally shelling out. See merge request !8

Merge branch 'path_fixes' into 'master'
5b6ca7b0 · Dmitriy Zaporozhets · a7cd2c6f · 4a36e4c4 · 5b6ca7b0 · 5b6ca7b0
Commit 5b6ca7b0 authored 10 years ago by Dmitriy Zaporozhets
--- a/History.txt
+++ b/History.txt
+== 2.7.3
+  * Add guards against path traversal and leading '|'
+
 == 2.7.2
  * Make sure grit restores old timeout value even if exception occures
  

--- a/lib/grit/git-ruby/repository.rb
+++ b/lib/grit/git-ruby/repository.rb
@@ -683,7 +683,9 @@ module Grit
      end
  
      def self.add_file(name, contents)
-        File.open(name, 'w') do |f|
+        path = File.join(Dir.pwd, name)
+        raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+        File.open(path, 'w') do |f|
          f.write contents
        end
      end

--- a/lib/grit/git.rb
+++ b/lib/grit/git.rb
@@ -117,7 +117,9 @@ module Grit
    #
    # Returns Boolean
    def fs_exist?(file)
-      File.exist?(File.join(self.git_dir, file))
+      path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+      File.exist?(path)
    end
  
    # Read a normal file from the filesystem.
@@ -125,7 +127,9 @@ module Grit
    #
    # Returns the String contents of the file
    def fs_read(file)
-      File.read(File.join(self.git_dir, file))
+      path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+      File.read(path)
    end
  
    # Write a normal file to the filesystem.
@@ -135,6 +139,7 @@ module Grit
    # Returns nothing
    def fs_write(file, contents)
      path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
      FileUtils.mkdir_p(File.dirname(path))
      File.open(path, 'w') do |f|
        f.write(contents)

--- a/test/test_git.rb
+++ b/test/test_git.rb
@@ -2,7 +2,7 @@ require File.dirname(__FILE__) + '/helper'
  
 class TestGit < Test::Unit::TestCase
  def setup
-    @git = Git.new(File.join(File.dirname(__FILE__), *%w[..]))
+    @git = Git.new(File.absolute_path(File.join(File.dirname(__FILE__), *%w[..])))
  end
  
  def teardown
@@ -83,6 +83,12 @@ class TestGit < Test::Unit::TestCase
    assert_equal 'bar', @git.fs_read('foo')
  end
  
+  def test_fs_read_path_traversal
+    assert_raise RuntimeError do
+      @git.fs_read('../foo')
+    end
+  end
+
  def test_fs_write
    f = stub
    f.expects(:write).with('baz')
@@ -91,6 +97,12 @@ class TestGit < Test::Unit::TestCase
    @git.fs_write('foo/bar', 'baz')
  end
  
+  def test_fs_write_path_traversal
+    assert_raise RuntimeError do
+      @git.fs_read('../foo/bar')
+    end
+  end
+
  def test_fs_delete
    FileUtils.expects(:rm_rf).with(File.join(@git.git_dir, 'foo'))
    @git.fs_delete('foo')