Avoid filesystem access to network mounts by semantic history....

Avoid filesystem access to network mounts by semantic history. fileURLWithPath: and standardizedURL would both perform I/O. Issue 5740.

Avoid filesystem access to network mounts by semantic history....
135e1f5d · George Nachman · 2a527d57 · 135e1f5d · 135e1f5d · 135e1f5d
Commit 135e1f5d authored 7 years ago by George Nachman
--- a/sources/NSFileManager+iTerm.h
+++ b/sources/NSFileManager+iTerm.h
@@ -39,6 +39,9 @@
 - (BOOL)fileExistsAtPathLocally:(NSString *)filename
         additionalNetworkPaths:(NSArray<NSString *> *)additionalNetworkpaths;
  
+- (BOOL)fileHasForbiddenPrefix:(NSString *)filename
+        additionalNetworkPaths:(NSArray<NSString *> *)additionalNetworkpaths;
+
 // Returns the path to the user's desktop.
 - (NSString *)desktopDirectory;
  

--- a/sources/NSFileManager+iTerm.m
+++ b/sources/NSFileManager+iTerm.m
@@ -196,8 +196,8 @@ NSString * const DirectoryLocationDomain = @"DirectoryLocationDomain";
    return YES;
 }
  
- (BOOL)fileExistsAtPathLocally:(NSString *)filename
-         additionalNetworkPaths:(NSArray<NSString *> *)additionalNetworkPaths {
+- (BOOL)fileHasForbiddenPrefix:(NSString *)filename
+        additionalNetworkPaths:(NSArray<NSString *> *)additionalNetworkPaths {
    DLog(@"Additional network paths are: %@", additionalNetworkPaths);
    // Augment list of additional paths with nfs automounter mount points.
    NSMutableArray *networkPaths = [[additionalNetworkPaths mutableCopy] autorelease];
@@ -213,10 +213,17 @@ NSString * const DirectoryLocationDomain = @"DirectoryLocationDomain";
        }
        if ([filename hasPrefix:path]) {
            DLog(@"Filename %@ has prefix of ignored path %@", filename, path);
-            return NO;
+            return YES;
        }
    }
+    return NO;
+}
  
+- (BOOL)fileExistsAtPathLocally:(NSString *)filename
+         additionalNetworkPaths:(NSArray<NSString *> *)additionalNetworkPaths {
+    if ([self fileHasForbiddenPrefix:filename additionalNetworkPaths:additionalNetworkPaths]) {
+        return NO;
+    }
    struct statfs buf;
    int rc = statfs([filename UTF8String], &buf);
    if (rc != 0 || (buf.f_flags & MNT_LOCAL)) {

--- a/sources/iTermSemanticHistoryController.m
+++ b/sources/iTermSemanticHistoryController.m
@@ -48,6 +48,11 @@ NSString *const kSemanticHistoryWorkingDirectorySubstitutionKey = @"semanticHist
                              additionalNetworkPaths:[[iTermAdvancedSettingsModel pathsToIgnore] componentsSeparatedByString:@","]];
 }
  
+- (BOOL)fileHasForbiddenPrefix:(NSString *)path {
+    return [self.fileManager fileHasForbiddenPrefix:path
+                             additionalNetworkPaths:[[iTermAdvancedSettingsModel pathsToIgnore] componentsSeparatedByString:@","]];
+}
+
 - (NSString *)getFullPath:(NSString *)path
         workingDirectory:(NSString *)workingDirectory
               lineNumber:(NSString **)lineNumber
@@ -87,14 +92,30 @@ NSString *const kSemanticHistoryWorkingDirectorySubstitutionKey = @"semanticHist
        DLog(@"  Prepend working directory, giving %@", path);
    }
  
-    NSURL *url = [NSURL fileURLWithPath:path];
+    DLog(@"  Checking if file exists locally: %@", path);
  
-    // Resolve path by removing ./ and ../ etc
-    path = [[url standardizedURL] path];
-    DLog(@"  Standardized path is %@", path);
+    // NOTE: The path used to be standardized first. While that would allow us to catch
+    // network paths, it also caused filesystem access that would hit network paths.
+    // That was also true for fileURLWithPath:.
+    //
+    // I think the statfs() flag check ought to be enough to prevent network access, anyway.
+    // A second check for forbidden prefixes is performed below to ensure backward compatibility
+    // and respect for explicitly excluded paths. The latter category will now
+    // be stat()ed, although they were always stat()ed because of unintentional
+    // disk access in the old code.
  
    if ([self fileExistsAtPathLocally:path]) {
        DLog(@"    YES: A file exists at %@", path);
+        NSURL *url = [NSURL fileURLWithPath:path];
+
+        // Resolve path by removing ./ and ../ etc
+        path = [[url standardizedURL] path];
+        DLog(@"    Check standardized path for forbidden prefix %@", path);
+
+        if ([self fileHasForbiddenPrefix:path]) {
+            DLog(@"    NO: Standardized path has forbidden prefix.");
+            return nil;
+        }
        return path;
    }