Add some basic defense against badly formed paths

Description

A Plugin installer includes a list of paths which says "copy from here inside the distribution to here inside the IdP". But they are only relative by convention. We need to add code to ensure that the installer isn't being told to go where it shouldn't. By experiment, something like this should do it:

    // Resolve the listed path against both the distribution and the IdP home.
    final Path from = distribution.resolve(p);
    final Path to = idpHome.resolve(p);
    // The canonical destination must still be inside idpHome.
    if (!to.toFile().getCanonicalFile().toPath().startsWith(idpHome)) {
        LOG.error("Unrecognisable path {} did not resolve correctly to {}", p, to);
        throw new BuildException("Bad Path");
    }
    // The canonical source must still be inside the distribution.
    if (!from.toFile().getCanonicalFile().toPath().startsWith(distribution)) {
        LOG.error("Unrecognisable path {} did not resolve correctly to {}", p, from);
        throw new BuildException("Bad Path");
    }

But further testing (and indeed pre-canonicalization of distribution and idpHome) needs to be done.

Environment

None
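The containment check from the description, with the two roots canonicalized before comparison and absolute entries rejected up front, as an added example that is not the project's own code. The class name `PathContainmentDemo`, the helper `resolveInside`, the temporary directories and the sample entries are all assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

public class PathContainmentDemo {

    /** Resolve a listed entry under an already-canonical root; throw if the result escapes it. */
    static Path resolveInside(final Path canonicalRoot, final String entry) throws IOException {
        final Path relative = Paths.get(entry);
        if (relative.isAbsolute()) {
            // Path.resolve() returns an absolute argument unchanged, so reject it first.
            throw new IOException("Absolute path not allowed: " + entry);
        }
        // getCanonicalFile() collapses "." and ".." and follows existing symlinks;
        // it also works for destinations that have not been created yet.
        final Path resolved = canonicalRoot.resolve(relative).toFile().getCanonicalFile().toPath();
        // Path.startsWith() compares whole name elements, so a sibling directory
        // whose name merely begins with the root's name does not match.
        if (!resolved.startsWith(canonicalRoot)) {
            throw new IOException("Path escapes " + canonicalRoot + ": " + entry);
        }
        return resolved;
    }

    public static void main(final String[] args) throws IOException {
        // Constructed stand-ins for the real directories, canonicalized once
        // so that both sides of startsWith() are in the same form.
        final Path distribution = Files.createTempDirectory("dist").toFile().getCanonicalFile().toPath();
        final Path idpHome = Files.createTempDirectory("idp").toFile().getCanonicalFile().toPath();

        // Constructed sample entries: two well formed, three badly formed.
        final List<String> entries = List.of("conf/plugin.properties", "edit-webapp/./WEB-INF/lib/x.jar",
                "../outside.txt", "conf/../../outside.txt", distribution.resolve("x").toString());
        for (final String p : entries) {
            try {
                final Path from = resolveInside(distribution, p);
                final Path to = resolveInside(idpHome, p);
                System.out.println("OK       " + distribution.relativize(from) + " -> " + idpHome.relativize(to));
            } catch (final IOException e) {
                System.out.println("REJECTED " + e.getMessage());
            }
        }
    }
}
```

The check runs before any copy takes place, so a symlink created inside either directory after the check is not covered by it.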

Activity

Rod Widdowson 
September 8, 2020 at 3:19 PM

Complete. Review welcome

Scott Cantor 
September 8, 2020 at 3:09 PM

I really implemented the module support for this more as a proof of concept.

I suppose if we were really serious about this, we should probably factor out the PGP layer you built and make that usable for all downloads, but I'm probably content to just say that we should leave the HttpClient off in the module command by default and add warnings about turning it on.

Rod Widdowson 
September 8, 2020 at 3:02 PM

I'm coding this up and wondering about whether we need to be defensive about URLs that we download from?

Fixed

Details

Created September 2, 2020 at 12:59 PM
Updated September 8, 2020 at 3:19 PM
Resolved September 8, 2020 at 3:19 PM