Skip to content

Commit ab1ca3d

Browse files
author
Jason Yellick
committed
FAB-14491 Bootstrap externalbuilders
This CR creates an externalbuilders package for chaincode, and adds one simple method for checking if a path is a child, or potentially escapes via relative or absolute path tricks. Change-Id: I7db7ee22450b8417b838c0030bf6885469b7dadc Signed-off-by: Jason Yellick <jyellick@us.ibm.com>
1 parent 1d74302 commit ab1ca3d

File tree

3 files changed

+78
-0
lines changed

3 files changed

+78
-0
lines changed

core/container/externalbuilders/externalbuilders_suite_test.go

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
/*
2+
Copyright IBM Corp. All Rights Reserved.
3+
4+
SPDX-License-Identifier: Apache-2.0
5+
*/
6+
7+
package externalbuilders_test
8+
9+
import (
10+
"testing"
11+
12+
. "github.com/onsi/ginkgo"
13+
. "github.com/onsi/gomega"
14+
)
15+
16+
func TestExternalbuilders(t *testing.T) {
17+
RegisterFailHandler(Fail)
18+
RunSpecs(t, "Externalbuilders Suite")
19+
}

core/container/externalbuilders/tar.go

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
/*
2+
Copyright IBM Corp. All Rights Reserved.
3+
4+
SPDX-License-Identifier: Apache-2.0
5+
*/
6+
7+
package externalbuilders
8+
9+
import (
10+
"path/filepath"
11+
"strings"
12+
)
13+
14+
// ValidPath checks to see if the path is absolute, or if it is a
15+
// relative path higher in the tree. In these cases it returns false.
16+
func ValidPath(uncleanPath string) bool {
17+
// sanitizedPath will eliminate non-prefix instances of '..', as well
18+
// as strip './'
19+
sanitizedPath := filepath.Clean(uncleanPath)
20+
21+
switch {
22+
case filepath.IsAbs(sanitizedPath):
23+
return false
24+
case strings.HasPrefix(sanitizedPath, ".."):
25+
return false
26+
default:
27+
// Path appears to be relative without escaping higher
28+
return true
29+
}
30+
}

core/container/externalbuilders/tar_test.go

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
/*
2+
Copyright IBM Corp. All Rights Reserved.
3+
4+
SPDX-License-Identifier: Apache-2.0
5+
*/
6+
7+
package externalbuilders_test
8+
9+
import (
10+
. "github.com/onsi/ginkgo"
11+
. "github.com/onsi/gomega"
12+
13+
"github.com/hyperledger/fabric/core/container/externalbuilders"
14+
)
15+
16+
var _ = Describe("Tar", func() {
17+
Describe("ValidPath()", func() {
18+
It("validates that a path is relative and a child", func() {
19+
Expect(externalbuilders.ValidPath("a/simple/path")).To(BeTrue())
20+
Expect(externalbuilders.ValidPath("../path/to/parent")).To(BeFalse())
21+
Expect(externalbuilders.ValidPath("a/path/../with/intermediates")).To(BeTrue())
22+
Expect(externalbuilders.ValidPath("a/path/../../../with/toomanyintermediates")).To(BeFalse())
23+
Expect(externalbuilders.ValidPath("a/path/with/trailing/../..")).To(BeTrue())
24+
Expect(externalbuilders.ValidPath("a/path/with/toomanytrailing/../../../../..")).To(BeFalse())
25+
Expect(externalbuilders.ValidPath("/an/absolute/path")).To(BeFalse())
26+
})
27+
})
28+
29+
})

0 commit comments

Comments
 (0)