Only do cheap sanity check for the redirect target path.

isoos · isoos · commit fb0951d50ee6 · 2024-12-02T16:45:23.000+01:00
diff --git a/app/lib/task/backend.dart b/app/lib/task/backend.dart
@@ -869,18 +869,6 @@ class TaskBackend {
     return index;
   }
 
-  /// Whether the task result for the given [package]/[version] has any result
-  /// dartdoc-generated file in [path].
-  Future<bool> hasDartdocTaskResult(
-      String package, String version, String path) async {
-    version = canonicalizeVersion(version)!;
-    final index = await _taskResultIndex(package, version);
-    if (index == null) {
-      return false;
-    }
-    return index.lookup('doc/$path') != null;
-  }
-
   /// Return gzipped result from task for the given [package]/[version] or
   /// `null`.
   Future<List<int>?> gzippedTaskResult(
diff --git a/app/lib/task/handlers.dart b/app/lib/task/handlers.dart
@@ -103,11 +103,24 @@ Future<shelf.Response> handleDartDoc(
         redirectPath,
         if (!redirectPath.endsWith('.html')) 'index.html',
       ]));
-      return redirectResponse(pkgDocUrl(
+      final newDocUrl = pkgDocUrl(
         package,
         version: resolvedDocUrlVersion.urlSegment,
         relativePath: newPath,
-      ));
+      );
+
+      // Sanity check to prevent redirecting outside of the generated document content,
+      // as it shouldn't happen under normal operations. It may be a dartdoc bug or the
+      // worker may have been compromised.
+      final docUrlRoot =
+          pkgDocUrl(package, version: resolvedDocUrlVersion.urlSegment);
+      if (!newDocUrl.startsWith(docUrlRoot)) {
+        _logger.shout('$package ${resolvedDocUrlVersion.version} file $path '
+            'redirects outside of the documentation root: $newDocUrl');
+        return notFoundHandler(request);
+      }
+
+      return redirectResponse(newDocUrl);
     }
 
     if (cachedStatusCode == DocPageStatusCode.redirect) {
@@ -156,20 +169,7 @@ Future<shelf.Response> handleDartDoc(
         if (page.isEmpty() &&
             redirectPath != null &&
             p.isRelative(redirectPath)) {
-          final newPath = p.normalize(p.joinAll([
-            p.dirname(path),
-            redirectPath,
-            if (!redirectPath.endsWith('.html')) 'index.html',
-          ]));
-          if (await taskBackend.hasDartdocTaskResult(
-              package, version, newPath)) {
-            return (DocPageStatus.redirect(redirectPath), null);
-          } else {
-            return (
-              DocPageStatus.missing('Dartdoc redirect is missing.'),
-              null, // bytes
-            );
-          }
+          return (DocPageStatus.redirect(redirectPath), null);
         }
 
         final html = page.render(DartDocPageOptions(
