authorPaul Cristian Sarbu <paul.cristian.sarbu@huawei.com>2025-01-13 13:14:07 +0100
committerKlaus Aehlig <klaus.aehlig@huawei.com>2025-01-13 16:57:20 +0100
commita0fc50fcdb307ae69b59b55aa0e277f0660ebc00 (patch)
tree00ef6d07c0e234ed0abf724d53c74a018c6bf1cf /src
parent5b2771a18e46f59062147d22cf173f50eeb014c3 (diff)
downloadjustbuild-a0fc50fcdb307ae69b59b55aa0e277f0660ebc00.tar.gz
just-mr setup: Fix ensuring 'subdir' only accepts non-upwards paths
...which implicitly also enforces non-absolute. (cherry-picked from 311c88641e3b4be067ed6575369b401288e8984c) This ensures that there is no access outside the root directory of a Git checkout or the temporary unpack directory of an archive.
Diffstat (limited to 'src')
-rw-r--r--src/other_tools/repo_map/repos_to_setup_map.cpp4
-rw-r--r--src/other_tools/utils/TARGETS5
-rw-r--r--src/other_tools/utils/parse_archive.cpp5
3 files changed, 9 insertions, 5 deletions
diff --git a/src/other_tools/repo_map/repos_to_setup_map.cpp b/src/other_tools/repo_map/repos_to_setup_map.cpp
index 621a593a..6a585d55 100644
--- a/src/other_tools/repo_map/repos_to_setup_map.cpp
+++ b/src/other_tools/repo_map/repos_to_setup_map.cpp
@@ -104,9 +104,9 @@ void GitCheckout(ExpressionPtr const& repo_desc,
? repo_desc_subdir->String()
: "")
.lexically_normal();
- if (subdir.is_absolute()) {
+ if (not PathIsNonUpwards(subdir)) {
(*logger)(fmt::format("GitCheckout: Expected field \"subdir\" to be a "
- "relative path, but found {}",
+ "non-upwards path, but found {}",
subdir.string()),
/*fatal=*/true);
return;
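Review bot: `PathIsNonUpwards(subdir)` in GitCheckout runs on the `lexically_normal()` result, so it is a purely textual check and does not cover a `subdir` whose components are symlinks inside the checkout that resolve outside the root. The commit message states the goal as no access outside the Git checkout root or the archive's temporary unpack directory; whether symlinks are resolved or rejected further down is not visible in this hunk. I would document the limit directly above the check, e.g. `// Lexical check only: rejects absolute and ".."-escaping paths; symlinks below the root are not resolved here.`, and confirm that the consumer of `subdir` handles that case. The same applies to the `ParseArchiveDescription` hunk in parse_archive.cpp; GitCheckout's body starts and ends outside this hunk.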
diff --git a/src/other_tools/utils/TARGETS b/src/other_tools/utils/TARGETS
index 4d44c9e5..9eccf244 100644
--- a/src/other_tools/utils/TARGETS
+++ b/src/other_tools/utils/TARGETS
@@ -63,7 +63,10 @@
, ["src/utils/cpp", "expected"]
]
, "private-deps":
- [["@", "fmt", "", "fmt"], ["src/buildtool/crypto", "hash_info"]]
+ [ ["@", "fmt", "", "fmt"]
+ , ["src/buildtool/crypto", "hash_info"]
+ , ["src/utils/cpp", "path"]
+ ]
, "stage": ["src", "other_tools", "utils"]
}
, "parse_git_tree":
diff --git a/src/other_tools/utils/parse_archive.cpp b/src/other_tools/utils/parse_archive.cpp
index 267d2d2d..72ed5c5d 100644
--- a/src/other_tools/utils/parse_archive.cpp
+++ b/src/other_tools/utils/parse_archive.cpp
@@ -18,6 +18,7 @@
#include "fmt/core.h"
#include "src/buildtool/crypto/hash_info.hpp"
+#include "src/utils/cpp/path.hpp"
auto ParseArchiveContent(ExpressionPtr const& repo_desc,
std::string const& origin)
@@ -121,9 +122,9 @@ auto ParseArchiveDescription(ExpressionPtr const& repo_desc,
? repo_desc_subdir->String()
: "")
.lexically_normal();
- if (subdir.is_absolute()) {
+ if (not PathIsNonUpwards(subdir)) {
(*logger)(fmt::format("ArchiveCheckout: Expected field \"subdir\" to "
- "be a relative path, but found {}",
+ "be a non-upwards path, but found {}",
subdir.string()),
/*fatal=*/true);
return std::nullopt;
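Review bot: The new error text in ParseArchiveDescription prints `subdir.string()` after `lexically_normal()`, so a configured value such as `a/../../b` (constructed example) is reported as `../b`, which the user cannot match against what they wrote in the repository description. Logging the original field value next to the normalised one would make the rejection easier to act on, e.g. a format string ending in `"non-upwards path, but found {} (normalised: {})"`. The GitCheckout hunk in repos_to_setup_map.cpp has the same message shape. The function body starts and ends outside this hunk, so how the raw field is obtained is only partly visible.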