Prevent Usage of Stdlib File/Dir Writing With Static Analysis #7685
Conversation
rauljordan
added
Ready For Review
rauljordan
requested review from
farazdagi,
nisdas,
prestonvanloon and
rkapka
Codecov Report
@@ Coverage Diff @@
## master #7685 +/- ##
==========================================
- Coverage 62.18% 62.13% -0.05%
==========================================
Files 429 429
Lines 30205 30248 +43
==========================================
+ Hits 18782 18794 +12
- Misses 8513 8530 +17
- Partials 2910 2924 +14 |
| if err := fileutil.MkdirAll(dirPath); err != nil { | ||
| return nil, err | ||
| } | ||
| } | ||
| datafile := path.Join(dirPath, databaseFileName) | ||
| boltDB, err := bolt.Open(datafile, params.BeaconIoConfig().ReadWritePermissions, &bolt.Options{Timeout: 1 * time.Second, InitialMmapSize: 10e6}) |
There was a problem hiding this comment.
What if the directory already exists and contains a database? Shouldn't this be an error?
There was a problem hiding this comment.
If it already exists that means you already have a database and we should open it normally to start your beacon node
| hasDir, err := fileutil.HasDir(dirPath) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| if !hasDir { | ||
| if err := fileutil.MkdirAll(dirPath); err != nil { | ||
| return nil, err | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
Can you please write some tests?
| hasDir, err := fileutil.HasDir(dirPath) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| if !hasDir { | ||
| if err := fileutil.MkdirAll(dirPath); err != nil { | ||
| return nil, err | ||
| } | ||
| } |
There was a problem hiding this comment.
Can you please write some tests?
| case *ast.CallExpr: | ||
| // Check if any of disallowed functions have been used. | ||
| for pkg, path := range aliases { | ||
| for _, fn := range disallowedFns { |
There was a problem hiding this comment.
This is not that big of a deal, but since you have a nested loop you check MkdirAll and WriteFile for both packages.
There was a problem hiding this comment.
this is ok because it's better if it's extensible. In the future we can easily add more functions we want to check against near the top of the file
What type of PR is this?
What does this PR do? Why is it needed?
This PR prevents usage of ioutil.WriteFile and os.MkdirAll in our repository, as those are unsafe when it comes to checking permissions. For example, an attacker could create a directory
pwith 777 permissions, andos.MkdirAll(p)will fail silently, without overriding the permissions of the attacker. Instead, we enforce Prysm to use our ownshared/fileutilpackage that properly checks for permissions errors compared to the Go standard library. We enforce this using a static analyzer that preventsos.MkdirAllandioutil.WriteFile.Which issues(s) does this PR fix?
Part of #7410 and fixes #7410