2 | 2 | import functools |
3 | 3 | import json |
4 | 4 | import os |
| 5 | +from pathlib import Path |
5 | 6 | import ssl |
6 | 7 | import textwrap |
7 | 8 |
@@ -109,10 +110,30 @@ def filter_forwarded(message): |
109 | 110 | request = data['d'] |
110 | 111 | requestType = request['requestType'] |
111 | 112 | if requestType == 'SetInputSettings': |
| 113 | + # Carefully validate inputSettings |
112 | 114 | inputSettings = request['requestData']['inputSettings'] |
113 | | - if len(set(inputSettings) - set('local_file overlay text font'.split())) == 0: |
114 | | - return message |
115 | | - print(message) |
| 115 | + # Verify all other inputSettings arguments ane in this allowed list. |
| 116 | + if len(set(inputSettings) - set('local_file overlay text font'.split())) > 0: |
| 117 | + print('denied message:', message) |
| 118 | + return |
| 119 | + # Verify the local_file argument is a safe path. |
| 120 | + if 'local_file' in inputSettings: |
| 121 | + local_file = Path(inputSettings['local_file']).expanduser().resolve() |
| 122 | + # If it starts with /home/rkdarst/, change to ~/ for this computer |
| 123 | + if local_file.is_relative_to('/home/rkdarst/'): |
| 124 | + local_file = ('~/' / local_file.relative_to('/home/rkdarst/')).expanduser().resolve() |
| 125 | + # Check the path, ensure it's in ~/git/coderefinery-artwork. |
| 126 | + # Symlinks, '..', etc. should have been expanded above. |
| 127 | + if not local_file.is_relative_to(Path('~/git/coderefinery-artwork').expanduser()): |
| 128 | + # If it's not in this git repo, exclude |
| 129 | + print('denied message:', message) |
| 130 | + print(f'exclude suspicious local_file={local_file}') |
| 131 | + return |
| 132 | + # Take our normalized local_file |
| 133 | + inputSettings['local_file'] = str(local_file) |
| 134 | + message = json.dumps(data) |
| 135 | + # Now fully validated |
| 136 | + return(message) |
116 | 137 | return None |
117 | 138 | if requestType in ALLOWED_REQUESTS: |
118 | 139 | return message |
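Review bot: A `local_file` value that is not a string (or that contains an embedded NUL) makes `Path(...)`/`.resolve()` on new line 121 raise TypeError/ValueError instead of being denied, and a non-dict `inputSettings` passes the key check on line 116 only to fail with TypeError at `inputSettings['local_file']`; if the caller does not catch exceptions (the caller is not visible here) that is a crash of the filter on malformed input rather than a denial. The allowed root on line 127 is only `expanduser()`d while `local_file` is fully resolved, so a symlinked `~/git` would reject every legitimate file; resolve the root the same way. After this branch every path returns, so the `return None` on line 137 is dead and `return(message)` is better written `return message`; the comment on line 115 also reads "ane" for "are". The body of `filter_forwarded` starts outside the hunk.
```python
    if requestType == 'SetInputSettings':
        inputSettings = request['requestData']['inputSettings']
        # Deny anything that is not a dict or carries keys outside the allowed list.
        if not isinstance(inputSettings, dict) or set(inputSettings) - set('local_file overlay text font'.split()):
            print('denied message:', message)
            return
        if 'local_file' in inputSettings:
            try:
                local_file = Path(inputSettings['local_file']).expanduser().resolve()
            except (TypeError, ValueError, OSError):
                # Non-string, embedded NUL or unresolvable path: deny instead of raising.
                print('denied message:', message)
                return
            # … unchanged: /home/rkdarst/ -> ~/ rewrite …
            allowed_root = Path('~/git/coderefinery-artwork').expanduser().resolve()
            if not local_file.is_relative_to(allowed_root):
                print('denied message:', message)
                print(f'exclude suspicious local_file={local_file}')
                return
            inputSettings['local_file'] = str(local_file)
            message = json.dumps(data)
        return message
```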