Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(libsinsp): fix some path handling in fs.path #1571

Merged
merged 3 commits into from Dec 14, 2023

Conversation

incertum
Copy link
Contributor

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

fs.path* still had some minor bugs in handling path resolution and ensuring no trailing / is in the output fields.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

fix(libsinsp): fix some path handling in fs.path

@incertum
Copy link
Contributor Author

/milestone 0.14.0

@poiana poiana added the size/L label Dec 13, 2023
@poiana poiana added this to the 0.14.0 milestone Dec 13, 2023
Copy link
Contributor Author

@incertum incertum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To the best of my testing abilities fd.name and fs.path.name now behave consistently the same way.

m_tstr = sinsp_utils::concatenate_paths(tinfo->get_cwd(), m_tstr);
if(m_tstr.front() != '/')
{
m_tstr = sinsp_utils::concatenate_paths(tinfo->get_cwd(), m_tstr.c_str());
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@federico-sysdig and @LucaGuerra hope you are ready for the next round 🤦‍♀️
Similar to the last PR we also have some issues here with the string. The possible trailing slash would not be removed otherwise. I have adjusted the unit tests to test this as well. Plus we also need to call concatenate_paths when the path is absolute. Absolute paths with path traversal happen on real-life servers.


const char *rel_filename_complex = "../\\.../../tmp/filename_complex";
const char *resolved_rel_filename_complex = "/tmp/filename_complex";

const char *rel_filename_nopath = "nopath";
const char *resolved_rel_filename_nopath = "/root/nopath";

const char *name = "/tmp/name";
const char *name = "/tmp/random/dir...///../../name/";
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test for possible trailing / and path traversal for absolute paths.

verify_fields(evt, expected_name, expected_name, NULL, NULL, NULL, NULL);
}

void test_exit_path_raw(const char *expected_name,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could convert test_exit_path_raw to test_exit_path. That way the unit tests are clearer and more functional.

Copy link
Contributor

@federico-sysdig federico-sysdig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrote just a few comments.

userspace/libsinsp/utils.cpp Outdated Show resolved Hide resolved
} else
{
// concatenate_paths takes care of resolving the path
m_tstr = sinsp_utils::concatenate_paths("", m_tstr.c_str());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

std::string should be automatically cast to std::string_view, I don't think you need the c_str() call (which needs an automatic cast from const char* to std::string_view anyway). A similar simplification can be done a few lines above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We had that discussion before, nothing else worked here ...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, forgive me, I forgot. I'm aging. I'm noticing that we do pass a straight std::string to this function elsewhere. Do you mean that in this specific call instance it is not working? As in not compiling or not doing the right concatenation?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not doing the right concatenation. I developed and tested on my fedora Linux box.

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
@incertum
Copy link
Contributor Author

Rebased and squashed with the solution we all want, but I am now still getting some errors locally:

[  PASSED  ] 417 tests.
[  FAILED  ] 4 tests, listed below:
[  FAILED  ] fspath.unlinkat_2
[  FAILED  ] fspath.open
[  FAILED  ] fspath.openat_2
[  FAILED  ] fspath.openat2

all similar like:

Expected equality of these values:
  get_field_as_string(evt, fs_path_name).c_str()
    Which is: "/root/tmp/name/"
  expected_name
    Which is: "/root/tmp/name"

@incertum
Copy link
Contributor Author

CI is confirming these failures.

@LucaGuerra
Copy link
Contributor

@incertum the problem lies in the m_tstr.assign() calls in that file. As you can see the are taking a raw buffer (incl. NUL terminator) and converting it into a string by giving it the total length so they will always include the NUL. We don't want that, so we should change those assignments to build the string only up to its length to e.g.:

m_tstr.assign((const char*) extract_values[0].ptr, strnlen((const char*) extract_values[0].ptr, extract_values[0].len));

At this point I think we can safely remove the part that says:

	// If m_tstr ends in a c-style \0, remove it to be
	// consistent. Generally, the evt.rawarg fields above *will*
	// end in c-style \0 characters, while the ones that extract
	// from the enter event or have values populated by parsers
	// (e.g. fchmod/fchown) will not.
	if(m_tstr.back() == '\0')
	{
		m_tstr.pop_back();
	}

This becomes redundant because we already deal with the problem earlier as we should, I think it's good to maintain the invariant that m_tstr is a well formed string.

@@ -349,7 +348,14 @@ uint8_t* sinsp_filter_check_fspath::extract(sinsp_evt* evt, OUT uint32_t* len, b
return NULL;
}

m_tstr = sinsp_utils::concatenate_paths(tinfo->get_cwd(), m_tstr);
if(m_tstr.front() != '/')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

once the problem explained below is fixed I believe we can safely revert this change.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Follow up: I think we still need this as in this case we concatenate cwd and m_tstr, and else we still use the helper to possibly resolve the path.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use std::filesystem::path::is_absolute instead? Much more readable IMHO.
If i got this correctly, we are stating that if m_tstr is relative, we attach the current working directory, else we use it as is, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

else we use it as is, right?

almost correct we still need to resolve the absolute path as absolute paths can still contain path traversal. Statement based on real data observed.

…ecks

Co-authored-by: Luca Guerra <luca@guerra.sh>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
@incertum
Copy link
Contributor Author

Re #1571 (comment) thanks @LucaGuerra 🚀 -- suggestions incorporated plus I learned dos and donts with string handling for the future, thanks for that!

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Copy link
Contributor

@LucaGuerra LucaGuerra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@poiana
Copy link
Contributor

poiana commented Dec 14, 2023

LGTM label has been added.

Git tree hash: 49f3589de256b0d33ac5ae69763f9ead2be2293d

Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana
Copy link
Contributor

poiana commented Dec 14, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, incertum, LucaGuerra

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [FedeDP,LucaGuerra,incertum]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit ef8ca60 into falcosecurity:master Dec 14, 2023
31 checks passed
@incertum incertum deleted the cleanup-fs-path branch December 14, 2023 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants