Fix cmdline file access security checks (#1183)
- Bypass Security.CheckSecurity(File) checks in cmdline mode.
- Move existing in-cmdline-mode checks before Security checks, since Security checks can throw an IOEx that shouldn't have to occur in cmdline mode.
Pieter12345 committed May 3, 2020
1 parent 3a7df5e commit 596a64b55e9a243c1fba3a823bd66f33c8a75324
Showing 4 changed files with 13 additions and 16 deletions.
@@ -1462,7 +1462,7 @@ public ParseTree optimizeDynamic(Target t, Environment env,
children.get(0).getTarget(), FileOptions.SuppressWarning.IncludedFileNotFound));
}
try {
if(!Security.CheckSecurity(file)) {
if(!Static.InCmdLine(env, true) && !Security.CheckSecurity(file)) {
throw new ConfigCompileException("Included file is inaccessible due to the base-dir setting",
children.get(0).getTarget());
}
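Review bot: The new guard `!Static.InCmdLine(env, true) && !Security.CheckSecurity(file)` makes the base-dir restriction depend entirely on what `InCmdLine` returns, and the literal `true` deserves a second look. Its definition is not shown on this page; if that second argument is the value returned when the mode cannot be read from `env`, an environment lacking that information skips the check, which is fail-open for a file-access control. In that case `if(!Static.InCmdLine(env, false) && !Security.CheckSecurity(file)) {` would keep the restriction unless cmdline mode is positively established. The same expression appears in the three `exec` hunks of the next file, in the `get` hunk, and in the last `exec` hunk (there as `Static.InCmdLine(env, true) || Security.CheckSecurity(file)`). The body of `optimizeDynamic` starts and ends outside this hunk.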
@@ -82,12 +82,10 @@ public Integer[] numArgs() {
public Mixed exec(Target t, Environment env, Mixed... args) throws CancelCommandException, ConfigRuntimeException {
File location = Static.GetFileFromArgument(args[0].val(), env, t, null);
try {
if(!Static.InCmdLine(env, true)) {
//Verify this file is not above the craftbukkit directory (or whatever directory the user specified
//Cmdline mode doesn't currently have this restriction.
if(!Security.CheckSecurity(location)) {
throw new CRESecurityException("You do not have permission to access the file '" + location + "'", t);
}
//Verify this file is not above the craftbukkit directory (or whatever directory the user specified
//Cmdline mode doesn't currently have this restriction.
if(!Static.InCmdLine(env, true) && !Security.CheckSecurity(location)) {
throw new CRESecurityException("You do not have permission to access the file '" + location + "'", t);
}
String s = file_get_contents(location.getAbsolutePath());
s = s.replaceAll("\n|\r\n", "\n");
@@ -372,7 +370,7 @@ public Boolean runAsync() {
public Mixed exec(Target t, Environment environment, Mixed... args) throws ConfigRuntimeException {
File location = Static.GetFileFromArgument(args[0].val(), environment, t, null);
try {
if(!Security.CheckSecurity(location) && !Static.InCmdLine(environment, true)) {
if(!Static.InCmdLine(environment, true) && !Security.CheckSecurity(location)) {
throw new CRESecurityException("You do not have permission to access the file '" + location + "'", t);
}
} catch (IOException ex) {
@@ -488,12 +486,10 @@ public Boolean runAsync() {
public Mixed exec(Target t, Environment env, Mixed... args) throws ConfigRuntimeException {
File location = Static.GetFileFromArgument(args[0].val(), env, t, null);
try {
if(!Static.InCmdLine(env, true)) {
//Verify this file is not above the craftbukkit directory (or whatever directory the user specified
//Cmdline mode doesn't currently have this restriction.
if(!Security.CheckSecurity(location)) {
throw new CRESecurityException("You do not have permission to access the file '" + location + "'", t);
}
//Verify this file is not above the craftbukkit directory (or whatever directory the user specified
//Cmdline mode doesn't currently have this restriction.
if(!Static.InCmdLine(env, true) && !Security.CheckSecurity(location)) {
throw new CRESecurityException("You do not have permission to access the file '" + location + "'", t);
}
InputStream stream = new BufferedInputStream(new FileInputStream(location));
return CByteArray.wrap(StreamUtils.GetBytes(stream), t);
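Review bot: The bypass condition is now written out separately in each of the three `exec` methods touched in this file, so any later change to the access policy has to find and update every copy. A single helper would keep the decision in one auditable place, for example (name is illustrative) `private static boolean mayAccess(File f, Environment env) throws IOException { return Static.InCmdLine(env, true) || Security.CheckSecurity(f); }`, with each call site reduced to `if(!mayAccess(location, env)) {`. The retained comment `//Verify this file is not above the craftbukkit directory (or whatever directory the user specified` also has an unclosed parenthesis and could move to that helper. All three `exec` bodies continue outside their hunks.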
@@ -6,6 +6,7 @@
import com.laytonsmith.core.MethodScriptCompiler;
import com.laytonsmith.core.ParseTree;
import com.laytonsmith.core.Security;
import com.laytonsmith.core.Static;
import com.laytonsmith.core.constructs.Target;
import com.laytonsmith.core.environments.GlobalEnv;
import com.laytonsmith.core.exceptions.CRE.CREIOException;
@@ -47,7 +48,7 @@ public static ParseTree get(File file, com.laytonsmith.core.environments.Environ
MSLog.GetLogger().Log(TAG, LogLevel.VERBOSE, "Security check passed", t);
Profiler profiler = env.getEnv(GlobalEnv.class).GetProfiler();
try {
if(!Security.CheckSecurity(file)) {
if(!Static.InCmdLine(env, true) && !Security.CheckSecurity(file)) {
throw new CRESecurityException("The script cannot access " + file
+ " due to restrictions imposed by the base-dir setting.", t);
}
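Review bot: The verbose log `"Security check passed"` at the top of this hunk is emitted before the base-dir check, and in cmdline mode that check is now skipped, so the log no longer tells someone reading it whether the file was actually checked. Whatever check precedes that log line is outside the hunk, so this may already be accounted for there. If it is not, consider recording the bypass explicitly before the guard, e.g. `MSLog.GetLogger().Log(TAG, LogLevel.VERBOSE, "base-dir check skipped (cmdline mode)", t);`. The body of `get` continues outside the hunk.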
@@ -523,7 +523,7 @@ public Mixed exec(Target t, Environment env, Mixed... args) throws ConfigRuntime
File file = Static.GetFileFromArgument(args[0].val(), env, t, null);
int num = 0;
try {
if(Security.CheckSecurity(file)) {
if(Static.InCmdLine(env, true) || Security.CheckSecurity(file)) {
if(file.isDirectory()) {
HashMap<File, ParseTree> files = compileDirectory(file, env, t);
IncludeCache.addAll(files);
