
Commit 554eefc

committed
Reject directory traversal in store report processor
1 parent fe53647 commit 554eefc


2 files changed

+21
-3
lines changed


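--- a/lib/puppet/reports/store.rb
+++ b/lib/puppet/reports/store.rb
@@ -1,5 +1,7 @@
 require 'puppet'
 
+SEPARATOR = [Regexp.escape(File::SEPARATOR.to_s), Regexp.escape(File::ALT_SEPARATOR.to_s)].join
+
 Puppet::Reports.register_report(:store) do
 desc "Store the yaml report on disk. Each host sends its report as a YAML dump
 and this just stores the file on disk, in the `reportdir` directory.
@@ -11,9 +13,11 @@
 def process
 # We don't want any tracking back in the fs. Unlikely, but there
 # you go.
-client = self.host.gsub("..",".")
+if host =~ Regexp.union(/[#{SEPARATOR}]/, /\A\.\.?\Z/)
+raise ArgumentError, "Invalid node name #{host.inspect}"
+end
 
-dir = File.join(Puppet[:reportdir], client)
+dir = File.join(Puppet[:reportdir], host)
 
 if ! FileTest.exists?(dir)
 FileUtils.mkdir_p(dir)
@@ -35,7 +39,7 @@ def process
 end
 rescue => detail
 puts detail.backtrace if Puppet[:trace]
-Puppet.warning "Could not write report for #{client} at #{file}: #{detail}"
+Puppet.warning "Could not write report for #{host} at #{file}: #{detail}"
 end
 
 # Only testing cares about the return value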
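Review bot: An empty node name still passes the new guard at new line 16, because `""` contains no separator and is neither `.` nor `..`, and `File.join(Puppet[:reportdir], host)` then resolves to the report directory itself, so such a report lands at the top of `reportdir` rather than under a per-node directory. Widening the condition to `if host.to_s.empty? || host =~ Regexp.union(/[#{SEPARATOR}]/, /\A\.\.?\Z/)` closes that case (and a `nil` host, which today would reach `File.join` unchecked) alongside the traversal ones; `\Z` also matching before a trailing newline only enlarges the rejected set, so it is fine as written. Separately, `SEPARATOR` at new line 3 is a bare top-level constant that is defined on `Object` for every process loading this report, so a more specific, frozen name would avoid collisions with other code. The `rescue => detail` at new line 41 appears to belong to a `begin` block that starts outside the hunk; if it were the method-level rescue of `process`, the new ArgumentError would be turned into a warning instead of propagating, which is worth confirming since the spec relies on it being raised.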

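--- a/spec/unit/reports/store_spec.rb
+++ b/spec/unit/reports/store_spec.rb
@@ -27,5 +27,19 @@
 
 File.read(File.join(Puppet[:reportdir], @report.host, "201101061200.yaml")).should == @report.to_yaml
 end
+
+['..', 'hello/', '/hello', 'he/llo', 'hello/..', '.'].each do |node|
+it "rejects #{node.inspect}" do
+@report.host = node
+expect { @report.process }.to raise_error(ArgumentError, /Invalid node/)
+end
+end
+
+['.hello', 'hello.', '..hi', 'hi..'].each do |node|
+it "accepts #{node.inspect}" do
+@report.host = node
+@report.process
+end
+end
 end
 end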
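Review bot: The "accepts" examples at new lines 38-43 only establish that `process` does not raise; they do not confirm the report was written under the node's own directory, so a regression that silently skipped the write would still pass. Mirroring the assertion at line 28, e.g. `File.exist?(File.join(Puppet[:reportdir], node, "201101061200.yaml")).should be_true` after `@report.process`, pins the location as well — assuming the time stub that yields that filename is set up in the `before` block outside the hunk.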
