Fix #12065 restrict PATH to OM directories (#13369)

* Fix #12065: restrict PATH to OM directories

* boost system library is not needed anymore

Author: adrpo

OMCompiler/Compiler/Script/CevalScriptBackend.mo

@@ -1427,21 +1427,21 @@ algorithm
 
            result_file := selectResultFile(result_file, simflags);
 
-            executableSuffixedExe := stringAppend(executable, getSimulationExtension(Config.simCodeTarget(),Autoconf.platform));
-            logFile := stringAppend(executable,".log");
-            // adrpo: log file is deleted by buildModel! do NOT DELETE IT AGAIN!
-            // we should really have different log files for simulation/compilation!
-            // as the buildModel log file will be deleted here and that gives less information to the user!
-            if System.regularFileExists(logFile) then
-              0 := System.removeFile(logFile);
-            end if;
-            sim_call := stringAppendList({"\"",exeDir,executableSuffixedExe,"\""," ",simflags});
-            System.realtimeTick(ClockIndexes.RT_CLOCK_SIMULATE_SIMULATION);
-            SimulationResults.close() "Windows cannot handle reading and writing to the same file from different processes like any real OS :(";
-
-            resI := System.systemCall(sim_call, logFile);
-
-            timeSimulation := System.realtimeTock(ClockIndexes.RT_CLOCK_SIMULATE_SIMULATION);
+           executableSuffixedExe := stringAppend(executable, getSimulationExtension(Config.simCodeTarget(),Autoconf.platform));
+           logFile := stringAppend(executable,".log");
+           // adrpo: log file is deleted by buildModel! do NOT DELETE IT AGAIN!
+           // we should really have different log files for simulation/compilation!
+           // as the buildModel log file will be deleted here and that gives less information to the user!
+           if System.regularFileExists(logFile) then
+             0 := System.removeFile(logFile);
+           end if;
+           sim_call := stringAppendList({"\"",exeDir,executableSuffixedExe,"\""," ",simflags});
+           System.realtimeTick(ClockIndexes.RT_CLOCK_SIMULATE_SIMULATION);
+           SimulationResults.close() "Windows cannot handle reading and writing to the same file from different processes like any real OS :(";
+
+           resI := System.systemCallRestrictedEnv(sim_call, logFile);
+
+           timeSimulation := System.realtimeTock(ClockIndexes.RT_CLOCK_SIMULATE_SIMULATION);
 
          else
            result_file := "";
@@ -1537,7 +1537,7 @@ algorithm
           System.realtimeTick(ClockIndexes.RT_CLOCK_SIMULATE_SIMULATION);
           SimulationResults.close() "Windows cannot handle reading and writing to the same file from different processes like any real OS :(";
 
-          if 0 == System.systemCall(sim_call, logFile) then
+          if 0 == System.systemCallRestrictedEnv(sim_call, logFile) then
             result_file = stringAppendList(List.consOnTrue(not Testsuite.isRunning(),compileDir,{executable,"_res.",outputFormat_str}));
             timeSimulation = System.realtimeTock(ClockIndexes.RT_CLOCK_SIMULATE_SIMULATION);
             timeTotal = System.realtimeTock(ClockIndexes.RT_CLOCK_SIMULATE_TOTAL);
@@ -1601,7 +1601,7 @@ algorithm
           sim_call = stringAppendList({"\"",exeDir,executableSuffixedExe,"\""," ",simflags});
           System.realtimeTick(ClockIndexes.RT_CLOCK_SIMULATE_SIMULATION);
           SimulationResults.close() "Windows cannot handle reading and writing to the same file from different processes like any real OS :(";
-          resI = System.systemCall(sim_call, logFile);
+          resI = System.systemCallRestrictedEnv(sim_call, logFile);
           timeSimulation = System.realtimeTock(ClockIndexes.RT_CLOCK_SIMULATE_SIMULATION);
         else
           result_file = "";
@@ -3730,7 +3730,7 @@ algorithm
                cmakeCall + " && " +
                Autoconf.cmake + " --build . --parallel " + getProcsStr() + " --target install && " +
                "cd .. && rm -rf " + buildDir;
-        if 0 <> System.systemCall(cmd, outFile=logfile) then
+        if 0 <> System.systemCallRestrictedEnv(cmd, outFile=logfile) then
           Error.addMessage(Error.SIMULATOR_BUILD_ERROR, {"cmd: " + cmd + "\n" + System.readFile(logfile)});
           fail();
         end if;
@@ -3749,7 +3749,7 @@ algorithm
                cmakeCall + " && " +
                Autoconf.cmake + " --build . --parallel " + getProcsStr() + " --target install && " +
                "cd .. && rm -rf " + buildDir;
-        if 0 <> System.systemCall(cmd, outFile=logfile) then
+        if 0 <> System.systemCallRestrictedEnv(cmd, outFile=logfile) then
           Error.addMessage(Error.SIMULATOR_BUILD_ERROR, {"cmd: " + cmd + "\n" + System.readFile(logfile)});
           fail();
         end if;
@@ -3986,7 +3986,7 @@ algorithm
         cmd := "cd \"" +  fmutmp + "/sources\" && ./configure --host="+quote+platform+quote+
                " CFLAGS=" + quote + "-Os" + quote + " CPPFLAGS=" + quote + CPPFLAGS + quote+
                " LDFLAGS= && " + nozip;
-        if 0 <> System.systemCall(cmd, outFile=logfile) then
+        if 0 <> System.systemCallRestrictedEnv(cmd, outFile=logfile) then
           Error.addMessage(Error.SIMULATOR_BUILD_ERROR, {System.readFile(logfile)});
           System.removeFile(logfile);
           fail();
@@ -4076,7 +4076,7 @@ algorithm
   ExecStat.execStat("buildModelFMU: configured platform " + platform + " using " + cmd);
   if not finishedBuild then
     if not isWindows then
-      if 0 <> System.systemCall("cd " + dir + " && "+ Autoconf.make + " clean > /dev/null 2>&1") then
+      if 0 <> System.systemCallRestrictedEnv("cd " + dir + " && "+ Autoconf.make + " clean > /dev/null 2>&1") then
         Error.addMessage(Error.SIMULATOR_BUILD_ERROR, {"Failed to make clean"});
         fail();
       end if;
@@ -4353,7 +4353,7 @@ algorithm
       end if;
       ExecStat.execStat("buildModelFMU: Generate C++ for platform " + platform);
     end for;
-    if 0 <> System.systemCall(Autoconf.make + " -f " + filenameprefix + "_FMU.makefile clean", outFile=logfile) then
+    if 0 <> System.systemCallRestrictedEnv(Autoconf.make + " -f " + filenameprefix + "_FMU.makefile clean", outFile=logfile) then
       // do nothing
     end if;
     return;

OMCompiler/Compiler/SimCode/SimCodeFunctionUtil.mo

@@ -2573,7 +2573,7 @@ algorithm
   cflags := if stringEq(Config.simCodeTarget(),"JavaScript") then "-Os -Wno-warn-absolute-paths" else cflags;
   ldflags := System.getLDFlags();
   if Flags.getConfigBool(Flags.PARMODAUTO) then
-    ldflags := " -lParModelicaAuto -ltbb_static -lboost_system " + ldflags;
+    ldflags := " -lParModelicaAuto -ltbb_static " + ldflags;
   end if;
   rtlibs := if isFunction then Autoconf.ldflags_runtime else (if isFMU then Autoconf.ldflags_runtime_fmu else Autoconf.ldflags_runtime_sim);
   platform := System.modelicaPlatform();

OMCompiler/Compiler/SimCode/SimCodeUtil.mo

@@ -15983,7 +15983,7 @@ protected
   Integer numMatches;
   String cmakeVersionString;
 algorithm
-  retVal := System.systemCall(pathToCMake + " --version", cmakeVersionLogFile);
+  retVal := System.systemCallRestrictedEnv(pathToCMake + " --version", cmakeVersionLogFile);
   if 0 <> retVal then
     System.removeFile(cmakeVersionLogFile);
     Error.addInternalError("Failed to get version from " + pathToCMake, sourceInfo());

OMCompiler/Compiler/Template/CodegenFMUCpp.tpl

@@ -830,7 +830,7 @@ case SIMCODE(modelInfo=MODELINFO(__), makefileParams=MAKEFILE_PARAMS(__), simula
 
   # need boost system lib prior to C++11, forcing also dynamic libs
   ifeq ($(findstring USE_CPP_03,$(CFLAGS)),USE_CPP_03)
-    $(eval LIBS=$(LIBS) -L"$(BOOST_LIBS)" -l$(BOOST_SYSTEM_LIB))
+    $(eval LIBS=$(LIBS) -L"$(BOOST_LIBS)")
     $(eval BINARIES=$(BINARIES) $(BOOST_LIBS)/lib$(BOOST_SYSTEM_LIB)$(DLLEXT) <%platformbins%>)
   # link static libs to avoid dependencies; can't link all static under Linux
   else ifeq ($(findstring gcc,$(CC)),gcc)

OMCompiler/Compiler/Template/CodegenFMUCppOMSI.tpl

@@ -791,7 +791,7 @@ case SIMCODE(modelInfo=MODELINFO(__), makefileParams=MAKEFILE_PARAMS(__), simula
 
   # need boost system lib prior to C++11, forcing also dynamic libs
   ifeq ($(findstring USE_CPP_03,$(CFLAGS)),USE_CPP_03)
-    $(eval LIBS=$(LIBS) -L"$(BOOST_LIBS)" -l$(BOOST_SYSTEM_LIB))
+    $(eval LIBS=$(LIBS) -L"$(BOOST_LIBS)")
     $(eval BINARIES=$(BINARIES) $(BOOST_LIBS)/lib$(BOOST_SYSTEM_LIB)$(DLLEXT) <%platformbins%>)
   # link static libs to avoid dependencies; can't link all static under Linux
   else ifeq ($(findstring gcc,$(CC)),gcc)

OMCompiler/Compiler/Util/System.mo

@@ -41,6 +41,7 @@ encapsulated package System
 protected
 import Autoconf;
 import Error;
+import Settings;
 
 public function trim
 "removes chars in charsToRemove from begin and end of inString"
@@ -312,6 +313,77 @@ public function readFile
   external "C" outString = System_readFile(inString) annotation(Library = "omcruntime");
 end readFile;
 
+public function systemCallRestrictedEnv
+"@author: adrpo
+ This function will call system with restricted environment to make sure we do not pick executables or dlls from the PATH.
+ Only keep the OM or OMDev directories and the Windows ones in the PATH for the system call.
+ After the execution the PATH will be set back."
+  input String command;
+  input String outFile = "" "empty file means no redirection unless it is part of the command";
+  output Integer outInteger;
+protected
+  String savedPATH = "", newPATH = "", windowsPath = "", omInstallPath = "", omDevPath = "", pfix = "";
+algorithm
+  if Autoconf.os == "Windows_NT" then
+    // save path
+    try
+      savedPATH := readEnv("PATH");
+    else
+      savedPATH := "";
+      Error.addInternalError(getInstanceName() + " failed for: " + command + "! Could not read PATH environment variable.", sourceInfo());
+      fail();
+    end try;
+    // construct restricted path
+    newPATH := "";
+    // keep the OM or OMDev directories and the Windows ones
+    windowsPath := System.stringReplace(winGetSystemDirectory(), "\\", "/");
+    omInstallPath := System.stringReplace(Settings.getInstallationDirectoryPath(), "\\", "/");
+    try
+      omDevPath := System.stringReplace(readEnv("OMDEV"), "\\", "/");
+    else
+      omDevPath := "";
+    end try;
+    for p in listReverse(strtok(savedPATH, ";")) loop
+      pfix := System.stringReplace(p, "\\", "/");
+      if (0 == stringFind(pfix, windowsPath)) or
+         (0 == stringFind(pfix, omInstallPath)) or
+         (0 == stringFind(pfix, omDevPath))
+      then
+        newPATH := p + ";" + newPATH;
+      end if;
+    end for;
+    if stringEqual(newPATH, "") then
+      Error.addInternalError(getInstanceName() + " failed for: " + command + "! Failed to filter the PATH: " + savedPATH, sourceInfo());
+      fail();
+    end if;
+    setEnv("PATH", newPATH, true);
+    try
+      outInteger := systemCall(command, outFile);
+    else
+      Error.addInternalError(getInstanceName() + " failed for: " + command + "! Failed in the system call with restricted PATH: " + newPATH, sourceInfo());
+      setEnv("PATH", savedPATH, true);
+      fail();
+    end try;
+    setEnv("PATH", savedPATH, true);
+  else
+    outInteger := systemCall(command, outFile);
+  end if;
+end systemCallRestrictedEnv;
+
+public function winGetSystemDirectory "returns the Windows system directory on Windows and empty string on Linux"
+  output String outDirectory = "";
+algorithm
+  outDirectory := "";
+  if Autoconf.os == "Windows_NT" then
+    outDirectory := winGetSystemDirectoryA();
+  end if;
+end winGetSystemDirectory;
+
+protected function winGetSystemDirectoryA
+  output String str;
+  external "C" str=SystemImpl__winGetSystemDirectoryA() annotation(Library = "omcruntime");
+end winGetSystemDirectoryA;
+
 public function systemCall
   input String command;
   input String outFile = "" "empty file means no redirection unless it is part of the command";

OMCompiler/Compiler/runtime/systemimpl.c

@@ -160,6 +160,8 @@ static char *linker = (char *)def_linker;
 static char *cflags = (char *)def_cflags;
 static char *ldflags= (char *)def_ldflags;
 
+static char *winDirectory = NULL;
+
 /* TODO! FIXME!
  * we need to move these to threadData if we are to run things in parallel in OMC!
  */
@@ -653,6 +655,36 @@ int runProcess(const char* cmd, const char* outFile)
 }
 #endif
 
+char* SystemImpl__winGetSystemDirectoryA()
+{
+#if defined(__MINGW32__) || defined(_MSC_VER)
+  if (winDirectory) {
+    return winDirectory;
+  }
+  char* winDirectory = (char*) omc_alloc_interface.malloc(MAXPATHLEN * sizeof(char*));
+  if (!GetSystemDirectoryA(winDirectory, MAXPATHLEN-1)) {
+    LPVOID lpMsgBuf;
+    const char* ctokens[2];
+    FormatMessage(
+            FORMAT_MESSAGE_ALLOCATE_BUFFER |
+            FORMAT_MESSAGE_FROM_SYSTEM |
+            FORMAT_MESSAGE_IGNORE_INSERTS,
+            NULL,
+            GetLastError(),
+            MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+            (LPTSTR) &lpMsgBuf,
+            0, NULL );
+    ctokens[0] = lpMsgBuf;
+    ctokens[1] = "";
+    c_add_message(NULL,-1, ErrorType_runtime,ErrorLevel_error, gettext("OMC unable to get the Windows system directory %s%s.\n"), ctokens, 2);
+    LocalFree(lpMsgBuf);
+  }
+  return winDirectory;
+#else
+  return "";
+#endif
+}
+
 int SystemImpl__systemCall(const char* str, const char* outFile)
 {
   int status = -1,ret_val = -1;

OMCompiler/SimulationRuntime/OMSICpp/CMakeLists.txt

@@ -483,9 +483,9 @@ ELSEIF(NOT FMU_TARGET)
 ENDIF(NOT(COMPILER_SUPPORTS_CXX11))
 
 IF(NOT FMU_TARGET)
-  FIND_PACKAGE(Boost REQUIRED COMPONENTS filesystem system serialization program_options)
+  FIND_PACKAGE(Boost REQUIRED COMPONENTS filesystem serialization program_options)
 ELSE(NOT FMU_TARGET)
-  FIND_PACKAGE(Boost COMPONENTS filesystem system serialization program_options)
+  FIND_PACKAGE(Boost COMPONENTS filesystem serialization program_options)
 ENDIF(NOT FMU_TARGET)
 
 # Use old C++ ABI for cross compilation of FMUs

OMCompiler/SimulationRuntime/OMSICpp/README

@@ -78,8 +78,8 @@ The following section explains the arguments that can be passed in more detail.
   linked statically.
 
   Sometimes it's necessary to link boost against it's real path libraries.
-  This means for example, that instead of linking against “-lboost_system”, the
-  makefiles will link against “-lboost1.55_system”. Use the BOOST_REALPATHS
+  This means for example, that instead of linking against “-lboost_filesystem”, the
+  makefiles will link against “-lboost1.55_filesystem”. Use the BOOST_REALPATHS
   argument for this purpose.
 
   If profiling informations for the runtime are required, they can be turned on

OMCompiler/SimulationRuntime/OMSICpp/runtime/src/Core/Modelica/CMakeLists.txt

@@ -38,10 +38,6 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
   set(FMI_ARCH_DIR "win32")
 endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
 
-#GET_TARGET_PROPERTY(libboostSystem ${Boost_SYSTEM_LIBRARY} LOCATION)
-#GET_FILENAME_COMPONENT(libboostSystemNAME ${libboostSystem} NAME)
-#set(Boost_SYSTEM_LIBRARY_NAME ${libboostSystemNAME})
-
 set (BOOST_INCLUDE ${Boost_INCLUDE_DIRS})
 
 set (MODELICA_SYSTEM_LIB_EXT ${libModelicaSystemNameExt})
@@ -67,7 +63,6 @@ ENDFUNCTION()
 
 prepareBoostVar(Boost_FILESYSTEM_LIBRARY Boost_FILESYSTEM_LIBRARY_RELEASE Boost_FILESYSTEM_LIBRARY_DEBUG)
 prepareBoostVar(Boost_SERIALIZATION_LIBRARY Boost_SERIALIZATION_LIBRARY_RELEASE Boost_SERIALIZATION_LIBRARY_DEBUG)
-prepareBoostVar(Boost_SYSTEM_LIBRARY Boost_SYSTEM_LIBRARY_RELEASE Boost_SYSTEM_LIBRARY_DEBUG)
 prepareBoostVar(Boost_THREAD_LIBRARY Boost_THREAD_LIBRARY_RELEASE Boost_THREAD_LIBRARY_DEBUG)
 prepareBoostVar(Boost_PROGRAM_OPTIONS_LIBRARY Boost_PROGRAM_OPTIONS_LIBRARY_RELEASE Boost_PROGRAM_OPTIONS_LIBRARY_DEBUG)
 prepareBoostVar(Boost_LOG_LIBRARY Boost_LOG_LIBRARY_RELEASE Boost_LOG_LIBRARY_DEBUG)