Skip to content

Cert file outside allowed directory in aux content #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Oct 13, 2022
Merged

Cert file outside allowed directory in aux content #72

merged 17 commits into from
Oct 13, 2022

Conversation

@aphralG
Copy link
Contributor

@aphralG aphralG commented Oct 12, 2022

Proposed changes

Remote cert file content outside allowed directory.
When a cert file was added the contents were not checked to see if it was in an allowed directory. This caused the aux file to include files from outside the allowed directories. Which then caused attempts to update the config to fail.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING document
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • I have updated any relevant documentation (README.md)

@aphralG aphralG self-assigned this Oct 12, 2022
@dhurley dhurley added bug Something isn't working and removed dependencies labels Oct 12, 2022
dhurley
dhurley reviewed Oct 12, 2022
View reviewed changes
Copy link
Collaborator

@dhurley dhurley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you run make format lint ?

src/core/nginx.go Outdated
)
if err != nil {
return nil, err
return nil, fmt.Errorf("%v", err)
Copy link
Collaborator

@dhurley dhurley Oct 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you undo this change? I don't think its required.

Copy link
Contributor Author

@aphralG aphralG Oct 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry forgot to remove that, changed it. Ran make format lint again but there were no changes made.

Copy link
Contributor

@Dean-Coakley Dean-Coakley Oct 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aphralG I think you should make the following change to the Makefile

diff --git a/Makefile b/Makefile
index d3e3ad5..59b3c39 100644
--- a/Makefile
+++ b/Makefile
@@ -75,6 +75,7 @@ lint: ## Run linter

 format: ## Format code
        go fmt ./...
+       cd sdk && go fmt ./...

And run make format again. I think the change can be included in your PR

Copy link
Contributor Author

@aphralG aphralG Oct 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, that fixed it 🙂

Copy link
Contributor

@Dean-Coakley Dean-Coakley Oct 12, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I should've mentioned that you'll need to run make deps too.

@aphralG aphralG merged commit 4d09a7a into main Oct 13, 2022
@Dean-Coakley Dean-Coakley deleted the fix-cert-outside-allowed-directory-in-aux-content branch October 13, 2022 09:14
nickchen
nickchen reviewed Oct 14, 2022
View reviewed changes
sdk/config_helpers.go
}

if !isAllowed {
return fmt.Errorf("file outside allowed directories %s", file)
Copy link

@nickchen nickchen Oct 14, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should not error here, the cert information should still be parsed to provide meta data, and not saved into the aux file. We don't want to error even if the cert is outside the allowed directory.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dhurley dhurley dhurley approved these changes

@oliveromahony oliveromahony Awaiting requested review from oliveromahony

@craigell craigell Awaiting requested review from craigell

+2 more reviewers

@nickchen nickchen nickchen left review comments

@Dean-Coakley Dean-Coakley Dean-Coakley approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@aphralG aphralG

Labels

bug Something isn't working dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@aphralG @nickchen @dhurley @Dean-Coakley