Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement secure_join for path #354

Merged
merged 3 commits into from
Oct 4, 2021
Merged

Conversation

ong-yy
Copy link
Contributor

@ong-yy ong-yy commented Oct 2, 2021

This PR serve as a prototype for issue #346

@codecov-commenter
Copy link

codecov-commenter commented Oct 2, 2021

Codecov Report

Merging #354 (9abbf0d) into main (d209d75) will increase coverage by 1.48%.
The diff coverage is 93.54%.

@@            Coverage Diff             @@
##             main     #354      +/-   ##
==========================================
+ Coverage   69.08%   70.56%   +1.48%     
==========================================
  Files          47       48       +1     
  Lines        7033     7533     +500     
==========================================
+ Hits         4859     5316     +457     
- Misses       2174     2217      +43     

Copy link
Collaborator

@yihuaf yihuaf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall.

src/utils.rs Outdated Show resolved Hide resolved
src/utils.rs Outdated Show resolved Hide resolved
src/utils.rs Outdated Show resolved Hide resolved
@yihuaf
Copy link
Collaborator

yihuaf commented Oct 2, 2021

You may have to run cargo fmt --all -- --check and cargo clippy --all.

@Ofenhed
Copy link

Ofenhed commented Oct 3, 2021

This is overly complex. Did you check out fs::canonicalize?

@utam0k
Copy link
Member

utam0k commented Oct 4, 2021

This is overly complex. Did you check out fs::canonicalize?

I was also wondering if it could be implemented more simply with canonicalize. If you have tried to implement using it and found it difficult, please let me know.

@yihuaf
Copy link
Collaborator

yihuaf commented Oct 4, 2021

It is not the same thing unfortunately. First, fs::canonicalize requires the path to first exist, which is not true when we have to evaluate path inside the container root. For example, device path may not be created or mounted, but we have to resolve the path first. Second, the requirement for evaluate symlink to be relative to the rootfs, not relative to the system host root. For example, this is functionally equivalent of:

chroot rootfs
readlink --canonicalize-missing --no-newline unsafe_path

See https://github.com/cyphar/filepath-securejoin for details and this is the same function used in the runc implementation.

@utam0k
Copy link
Member

utam0k commented Oct 4, 2021

It is not the same thing unfortunately. First, fs::canonicalize requires the path to first exist, which is not true when we have to evaluate path inside the container root. For example, device path may not be created or mounted, but we have to resolve the path first. Second, the requirement for evaluate symlink to be relative to the rootfs, not relative to the system host root. For example, this is functionally equivalent of:

chroot rootfs
readlink --canonicalize-missing --no-newline unsafe_path

See https://github.com/cyphar/filepath-securejoin for details and this is the same function used in the runc implementation.

I understood. Thanks.

@ong-yy
Copy link
Contributor Author

ong-yy commented Oct 4, 2021

Hi, I've updated the code according to @yihuaf reviews and checked both cargo fmt --all -- --check and cargo clippy --all too this time. Please let me know if there's anything to add.

Copy link
Collaborator

@yihuaf yihuaf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cargo clippy --all-targets --all-features -- -D warnings to make CI happy

src/utils.rs Outdated Show resolved Hide resolved
src/utils.rs Outdated Show resolved Hide resolved
src/utils.rs Outdated Show resolved Hide resolved
src/utils.rs Outdated Show resolved Hide resolved
@ong-yy
Copy link
Contributor Author

ong-yy commented Oct 4, 2021

cargo clippy --all-targets --all-features -- -D warnings to make CI happy

Sorry. I thought running cargo clippy --all is enough. Can we perhaps put this and cargo fmt somewhere in the documentation for newcomers?

Meanwhile, I will be making the changes.

@yihuaf yihuaf merged commit c4264a1 into youki-dev:main Oct 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants