Skip to content

Add validation to allowed directories on config load #1144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 33 commits into from
Jul 23, 2025
Merged

Add validation to allowed directories on config load #1144

merged 33 commits into from
Jul 23, 2025

Conversation

@sean-breen
Copy link
Contributor

Proposed changes

Adds some validation of paths when loading the allowed directories.

Allowed paths must:

  • be absolute
  • not contain any relative portions (.,..,etc)
  • contain any unsupported characters

Any files not satisfying this criteria will be ignored, and logged at WARN level.

When checking if a path is allowed using isAllowedDir, we will now check if the path exists and if it does we will perform a symlink check. Any symlinks will be logged and the function will return false.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING document
  • I have run make install-tools and have attached any dependency changes to this pull request
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • If applicable, I have updated any relevant documentation (README.md)
  • If applicable, I have tested my cross-platform changes on Ubuntu 22, Redhat 8, SUSE 15 and FreeBSD 13

@sean-breen sean-breen requested a review from a team as a code owner June 25, 2025 15:05
@github-actions github-actions bot added the chore Pull requests for routine tasks label Jun 25, 2025
@dhurley dhurley added the v3.x Issues and Pull Requests related to the major version v3 label Jun 27, 2025
aphralG
aphralG reviewed Jul 1, 2025
View reviewed changes
dhurley
dhurley reviewed Jul 4, 2025
View reviewed changes
dhurley
dhurley reviewed Jul 11, 2025
View reviewed changes
aphralG
aphralG reviewed Jul 14, 2025
View reviewed changes
aphralG
aphralG reviewed Jul 14, 2025
View reviewed changes
aphralG
aphralG reviewed Jul 14, 2025
View reviewed changes
aphralG
aphralG reviewed Jul 17, 2025
View reviewed changes
@sean-breen sean-breen requested a review from aphralG July 17, 2025 11:20
@sean-breen sean-breen merged commit 948a14c into main Jul 23, 2025
25 checks passed
@sean-breen sean-breen deleted the allowedDirsFix branch July 23, 2025 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dhurley dhurley dhurley approved these changes

@aphralG aphralG Awaiting requested review from aphralG

+1 more reviewer

@john-david3 john-david3 john-david3 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

chore Pull requests for routine tasks v3.x Issues and Pull Requests related to the major version v3

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sean-breen @dhurley @aphralG @john-david3