Merge branch 'path_fixes' into 'master'

dzaporozhets · dzaporozhets · commit 5b6ca7b01fa6 · 2014-12-11T14:22:05.000Z
Path fixes

Improve the path handling in Grit to guard against path traversal and accidentally shelling out.

See merge request !8
diff --git a/History.txt b/History.txt
@@ -1,3 +1,6 @@
+== 2.7.3
+  * Add guards against path traversal and leading '|'
+
 == 2.7.2
   * Make sure grit restores old timeout value even if exception occures
 
diff --git a/lib/grit/git-ruby/repository.rb b/lib/grit/git-ruby/repository.rb
@@ -683,7 +683,9 @@ def self.create_initial_config(bare = false)
       end
 
       def self.add_file(name, contents)
-        File.open(name, 'w') do |f|
+        path = File.join(Dir.pwd, name)
+        raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+        File.open(path, 'w') do |f|
           f.write contents
         end
       end
diff --git a/lib/grit/git.rb b/lib/grit/git.rb
@@ -117,15 +117,19 @@ def shell_escape(str)
     #
     # Returns Boolean
     def fs_exist?(file)
-      File.exist?(File.join(self.git_dir, file))
+      path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+      File.exist?(path)
     end
 
     # Read a normal file from the filesystem.
     #   +file+ is the relative path from the Git dir
     #
     # Returns the String contents of the file
     def fs_read(file)
-      File.read(File.join(self.git_dir, file))
+      path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+      File.read(path)
     end
 
     # Write a normal file to the filesystem.
@@ -135,6 +139,7 @@ def fs_read(file)
     # Returns nothing
     def fs_write(file, contents)
       path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
       FileUtils.mkdir_p(File.dirname(path))
       File.open(path, 'w') do |f|
         f.write(contents)
diff --git a/test/test_git.rb b/test/test_git.rb
@@ -2,7 +2,7 @@
 
 class TestGit < Test::Unit::TestCase
   def setup
-    @git = Git.new(File.join(File.dirname(__FILE__), *%w[..]))
+    @git = Git.new(File.absolute_path(File.join(File.dirname(__FILE__), *%w[..])))
   end
 
   def teardown
@@ -83,6 +83,12 @@ def test_fs_read
     assert_equal 'bar', @git.fs_read('foo')
   end
 
+  def test_fs_read_path_traversal
+    assert_raise RuntimeError do
+      @git.fs_read('../foo')
+    end
+  end
+
   def test_fs_write
     f = stub
     f.expects(:write).with('baz')
@@ -91,6 +97,12 @@ def test_fs_write
     @git.fs_write('foo/bar', 'baz')
   end
 
+  def test_fs_write_path_traversal
+    assert_raise RuntimeError do
+      @git.fs_read('../foo/bar')
+    end
+  end
+
   def test_fs_delete
     FileUtils.expects(:rm_rf).with(File.join(@git.git_dir, 'foo'))
     @git.fs_delete('foo')
