Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-22 14:53:49 +01:00
Code Issues Projects Releases Packages Wiki Activity

More chrome URL hardenning and tests.

Browse source
This commit is contained in:
Simon Sapin 2016-04-23 18:04:40 +02:00
parent 374679852c
commit e662605138
2 changed files with 41 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

19
components/net/chrome_loader.rs
View file

@ -6,6 +6,7 @@ use file_loader;
use mime_classifier::MIMEClassifier; use mime_classifier::MIMEClassifier;
use net_traits::{LoadConsumer, LoadData, NetworkError}; use net_traits::{LoadConsumer, LoadData, NetworkError};
use resource_thread::{CancellationListener, send_error}; use resource_thread::{CancellationListener, send_error};
use std::fs::canonicalize;
use std::sync::Arc; use std::sync::Arc;
use url::Url; use url::Url;
use url::percent_encoding::percent_decode; use url::percent_encoding::percent_decode;
@ -16,16 +17,22 @@ pub fn resolve_chrome_url(url: &Url) -> Result<Url, ()> {
if url.host_str() != Some("resources") { if url.host_str() != Some("resources") {
return Err(()) return Err(())
} }
let resources = resources_dir_path(); let resources = canonicalize(resources_dir_path())
.expect("Error canonicalizing path to the resources directory");
let mut path = resources.clone(); let mut path = resources.clone();
for segment in url.path_segments().unwrap() { for segment in url.path_segments().unwrap() {
path.push(&*try!(percent_decode(segment.as_bytes()).decode_utf8().map_err(|_| ()))) match percent_decode(segment.as_bytes()).decode_utf8() {
// Check ".." to prevent access to files outside of the resources directory.
Ok(segment) => path.push(&*segment),
_ => return Err(())
}
} }
// Don't allow chrome URLs access to files outside of the resources directory. match canonicalize(path) {
if !(path.starts_with(resources) && path.exists()) { Ok(ref path) if path.starts_with(&resources) && path.exists() => {
return Err(()); Ok(Url::from_file_path(path).unwrap())
}
_ => Err(())
} }
return Ok(Url::from_file_path(&*path).unwrap());
} }
pub fn factory(mut load_data: LoadData, pub fn factory(mut load_data: LoadData,

64
tests/unit/net/chrome_loader.rs
View file

@ -5,48 +5,40 @@
use net::chrome_loader::resolve_chrome_url; use net::chrome_loader::resolve_chrome_url;
use url::Url; use url::Url;
#[test] fn c(s: &str) -> Result<Url, ()> {
fn test_relative() { resolve_chrome_url(&Url::parse(s).unwrap())
let url = Url::parse("chrome://resources/../something").unwrap();
assert!(resolve_chrome_url(&url).is_err());
} }
#[test] #[test]
fn test_relative_2() { fn test_resolve_chrome_url() {
let url = Url::parse("chrome://resources/subdir/../something").unwrap(); assert_eq!(c("chrome://resources/nonexistent.jpg"), Err(()));
assert!(resolve_chrome_url(&url).is_err()); assert_eq!(c("chrome://not-resources/badcert.jpg"), Err(()));
} assert_eq!(c("chrome://resources/badcert.jpg").unwrap().scheme(), "file");
assert_eq!(c("chrome://resources/subdir/../badcert.jpg").unwrap().scheme(), "file");
assert_eq!(c("chrome://resources/subdir/../../badcert.jpg").unwrap().scheme(), "file");
assert_eq!(c("chrome://resources/../badcert.jpg").unwrap().scheme(), "file");
assert_eq!(c("chrome://resources/../README.md"), Err(()));
assert_eq!(c("chrome://resources/%2e%2e/README.md"), Err(()));
#[test] assert_eq!(c("chrome://resources/etc/passwd"), Err(()));
#[cfg(not(target_os = "windows"))] assert_eq!(c("chrome://resources//etc/passwd"), Err(()));
fn test_absolute() { assert_eq!(c("chrome://resources/%2Fetc%2Fpasswd"), Err(()));
let url = Url::parse("chrome://resources/etc/passwd").unwrap();
assert!(resolve_chrome_url(&url).is_err());
}
#[test] assert_eq!(c("chrome://resources/C:/Windows/notepad.exe"), Err(()));
#[cfg(target_os = "windows")] assert_eq!(c("chrome://resources/C:\\Windows\\notepad.exe"), Err(()));
fn test_absolute_2() {
let url = Url::parse("chrome://resources/C:\\Windows").unwrap();
assert!(resolve_chrome_url(&url).is_err());
}
#[test] assert_eq!(c("chrome://resources/localhost/C:/Windows/notepad.exe"), Err(()));
#[cfg(target_os = "windows")] assert_eq!(c("chrome://resources//localhost/C:/Windows/notepad.exe"), Err(()));
fn test_absolute_3() { assert_eq!(c("chrome://resources///localhost/C:/Windows/notepad.exe"), Err(()));
let url = Url::parse("chrome://resources/\\\\server/C$").unwrap(); assert_eq!(c("chrome://resources/\\\\localhost\\C:\\Windows\\notepad.exe"), Err(()));
assert!(resolve_chrome_url(&url).is_err());
}
#[test] assert_eq!(c("chrome://resources/%3F/C:/Windows/notepad.exe"), Err(()));
fn test_valid() { assert_eq!(c("chrome://resources//%3F/C:/Windows/notepad.exe"), Err(()));
let url = Url::parse("chrome://resources/badcert.jpg").unwrap(); assert_eq!(c("chrome://resources///%3F/C:/Windows/notepad.exe"), Err(()));
let resolved = resolve_chrome_url(&url).unwrap(); assert_eq!(c("chrome://resources/\\\\%3F\\C:\\Windows\\notepad.exe"), Err(()));
assert_eq!(resolved.scheme(), "file");
}
#[test] assert_eq!(c("chrome://resources/%3F/UNC/localhost/C:/Windows/notepad.exe"), Err(()));
fn test_incorrect_host() { assert_eq!(c("chrome://resources//%3F/UNC/localhost/C:/Windows/notepad.exe"), Err(()));
let url = Url::parse("chrome://not-resources/badcert.jpg").unwrap(); assert_eq!(c("chrome://resources///%3F/UNC/localhost/C:/Windows/notepad.exe"), Err(()));
assert!(resolve_chrome_url(&url).is_err()); assert_eq!(c("chrome://resources/\\\\%3F\\UNC\\localhost\\C:\\Windows\\notepad.exe"), Err(()));
} }