restrict allowable paths for bundle dir input

sul-dlss · Oct 3, 2018 · 1438e99 · 1438e99
1 parent bbd5794
commit 1438e99
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 0 deletions.
diff --git a/app/models/bundle_context.rb b/app/models/bundle_context.rb
@@ -10,6 +10,7 @@ class BundleContext < ApplicationRecord
 
   validate :verify_bundle_directory
   validate :verify_content_metadata_creation
+  validate :verify_bundle_dir_path
 
   after_initialize :normalize_bundle_dir, :default_enums
 
@@ -102,6 +103,11 @@ def normalize_bundle_dir
     self[:bundle_dir] = normalize_dir(bundle_dir)
   end
 
+  def bundle_dir_path
+    return unless bundle_dir
+    Pathname.new(bundle_dir).expand_path
+  end
+
   def verify_output_dir
     if persisted?
       raise "Output directory (#{output_dir}) should already exist, but doesn't" unless Dir.exist?(output_dir)
@@ -120,4 +126,14 @@ def verify_content_metadata_creation
     return unless smpl_cm_style?
     errors.add(:content_metadata_creation, "The SMPL manifest #{smpl_manifest} was not found in #{bundle_dir}.") unless File.exist?(File.join(bundle_dir, smpl_manifest))
   end
+
+  def verify_bundle_dir_path
+    match_flag = false
+    bundle_dir_path&.ascend do |sub_path|
+      next unless ::ALLOWABLE_BUNDLE_DIRS.include?(sub_path.to_s)
+      match_flag = true
+      break
+    end
+    errors.add(:bundle_dir, 'not a sub directory of allowed parent directories.') unless match_flag
+  end
 end
diff --git a/config/initializers/load_config.rb b/config/initializers/load_config.rb
@@ -0,0 +1 @@
+ALLOWABLE_BUNDLE_DIRS = YAML.safe_load(ERB.new(File.read("#{Rails.root}/config/settings/bundle_dir_roots.yml.erb")).result)[Rails.env]
diff --git a/config/settings/bundle_dir_roots.yml.erb b/config/settings/bundle_dir_roots.yml.erb
@@ -0,0 +1,43 @@
+development:
+  - <%= Rails.root.join("spec", "test_data").to_s %>
+  - <%= Rails.root.join("tmp").to_s %>
+test:
+  - <%= Rails.root.join("spec", "test_data").to_s %>
+  - <%= Rails.root.join("tmp").to_s %>
+production:
+  - '/thumpers/dpgthumper-se1/'
+  - '/thumpers/dpgthumper-se2/'
+  - '/thumpers/se9/'
+  - '/thumpers/dpgthumper-staging/'
+  - '/thumpers/dpgthumper-imageserver/'
+  - '/thumpers/dpgthumper2-se1/'
+  - '/thumpers/sdr'
+  - '/arts/'
+  - '/smpl/'
+  - '/smpl2/'
+  - '/smpl3/'
+  - '/smpl4/'
+  - '/smpl5/'
+  - '/smpl6/'
+  - '/smpl7/'
+  - '/smpl8/'
+  - '/smpl9/'
+  - '/smpl10/'
+  - '/smpl11/'
+  - '/smpl12/'
+  - '/smpl13/'
+  - '/smpl14/'
+  - '/smpl15/'
+  - '/smpl16/'
+  - '/smpl17/'
+  - '/maps/'
+  - '/data/'
+  - '/datasets/'
+  - '/gov-data/'
+  - '/spec1/'
+  - '/spec2/'
+  - '/third_party/'
+  - '/dpgthumper/'
+  - '/dpgthumper2/'
+  - '/sdrthumpers/'
+
diff --git a/spec/models/bundle_context_spec.rb b/spec/models/bundle_context_spec.rb
@@ -37,6 +37,16 @@
         expect { bc.project_name = valid_chars }.not_to change(bc, :valid?).from(true)
       end
     end
+
+    context 'bundle_dir must be a sub dir of allowed parent directories' do
+      it 'sub dir of parent directories' do
+        expect { bc.bundle_dir = 'tmp/' }.not_to change(bc, :valid?).from(true)
+      end
+
+      it 'not a sub dir of parent directories' do
+        expect { bc.bundle_dir = 'spec/../../' }.to change(bc, :valid?).to(false)
+      end
+    end
   end
 
   it do