Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[16.07] Fix galaxy.util.in_directory()... #4856

Merged
merged 5 commits into from
Oct 25, 2017
Merged

[16.07] Fix galaxy.util.in_directory()... #4856

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
899b0d8
Fix galaxy.util.in_directory() - broken because it takes realpath of …
jmchilton Oct 25, 2017
4b5dc39
Add basic test for in_directory.
jmchilton Oct 25, 2017
fcb23eb
Some documentation to clarify discussion on #4856.
jmchilton Oct 25, 2017
95f8f48
Doc fix thanks to @nsoranzo.
jmchilton Oct 25, 2017
7e08ba6
Rework in_directory fix to move realpath expansion into galaxy.util.
jmchilton Oct 25, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
21 changes: 20 additions & 1 deletion lib/galaxy/util/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -605,14 +605,33 @@ def which(file):
def in_directory( file, directory, local_path_module=os.path ):
"""
Return true, if the common prefix of both is equal to directory
e.g. /a/b/c/d.rst and directory is /a/b, the common prefix is /a/b
e.g. /a/b/c/d.rst and directory is /a/b, the common prefix is /a/b.
This function isn't used exclusively for security checks, but if it is
used for such checks it is assumed that ``directory`` is a "trusted" path -
supplied by Galaxy or by the admin and ``file`` is something generated by
a tool, configuration, external web server, or user supplied input.

local_path_module is used by Pulsar to check Windows paths while running on
a POSIX-like system.

>>> base_dir = tempfile.mkdtemp()
>>> safe_dir = os.path.join(base_dir, "user")
>>> os.mkdir(safe_dir)
>>> good_file = os.path.join(safe_dir, "1")
>>> with open(good_file, "w") as f: f.write("hello")
>>> in_directory(good_file, safe_dir)
True
>>> in_directory("/other/file/is/here.txt", safe_dir)
False
>>> unsafe_link = os.path.join(safe_dir, "2")
>>> os.symlink("/other/file/bad.fasta", unsafe_link)
>>> in_directory(unsafe_link, safe_dir)
False
"""
if local_path_module != os.path:
_safe_contains = importlib.import_module('galaxy.util.path.%s' % local_path_module.__name__).safe_contains
else:
directory = os.path.realpath(directory)
_safe_contains = safe_contains
return _safe_contains(directory, file)

Expand Down
2 changes: 1 addition & 1 deletion lib/galaxy/util/path/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ def safe_contains(prefix, path, whitelist=None):

Given any two filesystem paths, ensure that ``path`` is contained in ``prefix``. If ``path`` exists (either as an
absolute path or relative to ``prefix``), it is canonicalized with :func:`os.path.realpath` to ensure it is not a
symbolic link that points outside of ``path``. If it is a symbolic link and ``whitelist`` is set, the symbolic link
symbolic link that points outside of ``prefix``. If it is a symbolic link and ``whitelist`` is set, the symbolic link
may also point inside a ``whitelist`` path.

The ``path`` is checked against ``whitelist`` using either its absolute pathname (if passed in as absolute) or
Expand Down