double check target path is inside currentDir

tegonal · Oct 25, 2024 · 82ed62e · 82ed62e
1 parent a1f96ca
commit 82ed62e
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 26 deletions.
diff --git a/src/gt-pull.sh b/src/gt-pull.sh
@@ -185,7 +185,7 @@ function gt_pull() {
 	# before we report about missing arguments we check if the working directory exists and
 	# if it is inside of the call location
 	exitIfWorkingDirDoesNotExist "$workingDir"
-	exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
+	exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
 
 	# if remote does not exist then pull.args does not and most likely pullDir is thus not defined, in this case we want
 	# to show the error about the non existing remote before other missing arguments
@@ -208,7 +208,7 @@ function gt_pull() {
 	workingDirAbsolute=$(readlink -m "$workingDir") || die "could not deduce workingDirAbsolute from %s" "$workingDir"
 	pullDirAbsolute=$(readlink -m "$pullDir")
 	local -r workingDirAbsolute pullDirAbsolute
-	checkIfDirectoryNamedIsOutsideOf "$pullDirAbsolute" "pull directory" "$currentDir" || return $?
+	checkIfPathNamedIsOutsideOf "$pullDirAbsolute" "pull directory" "$currentDir" || return $?
 
 	local publicKeysDir repo gpgDir pulledTsv pullHookFile
 	source "$dir_of_gt/paths.source.sh" || traceAndDie "could not source paths.source.sh"
@@ -426,6 +426,10 @@ function gt_pull() {
 
 	local absoluteFile
 	while read -r -d $'\0' absoluteFile; do
+		# in theory this check should not be necessary as we already check that the pullDir is not outside
+		# but better be sure as we don't want that `gt re-pull` can be a security risk (leaving pull-hooks aside)
+		checkIfPathNamedIsOutsideOf "$absoluteFile" "target path" "$currentDir" || return $?
+
 		local repoFile
 		repoFile=$(realpath --relative-to="$repo" "$absoluteFile")
 		if [[ $doVerification == true && -f "$absoluteFile.$sigExtension" ]]; then

diff --git a/src/gt-re-pull.sh b/src/gt-re-pull.sh
@@ -100,7 +100,7 @@ function gt_re_pull() {
 	# before we report about missing arguments we check if the working directory exists and
 	# if it is inside of the call location
 	exitIfWorkingDirDoesNotExist "$workingDir"
-	exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
+	exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
 
 	exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION"
 

diff --git a/src/gt-remote.sh b/src/gt-remote.sh
@@ -110,7 +110,7 @@ function gt_remote_add() {
 	if ! [[ -v tagFilter ]]; then tagFilter=".*"; fi
 
 	# before we report about missing arguments we check if the working directory is inside of the call location
-	exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
+	exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
 	exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION"
 
 	local -r remoteIdentifierRegex="^[a-zA-Z0-9_-]+$"
@@ -256,7 +256,7 @@ function gt_remote_list_raw() {
 	# before we report about missing arguments we check if the working directory exists and
 	# if it is inside of the call location
 	exitIfWorkingDirDoesNotExist "$workingDir"
-	exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
+	exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
 
 	exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION"
 
@@ -325,7 +325,7 @@ function gt_remote_remove() {
 	# before we report about missing arguments we check if the working directory exists and
 	# if it is inside of the call location
 	exitIfWorkingDirDoesNotExist "$workingDir"
-	exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
+	exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
 
 	exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION"
 

diff --git a/src/gt-reset.sh b/src/gt-reset.sh
@@ -93,7 +93,7 @@ function gt_reset() {
 	# before we report about missing arguments we check if the working directory exists and
 	# if it is inside of the call location
 	exitIfWorkingDirDoesNotExist "$workingDir"
-	exitIfDirectoryNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
+	exitIfPathNamedIsOutsideOf "$workingDir" "working directory" "$currentDir"
 
 	exitIfNotAllArgumentsSet params "$examples" "$GT_VERSION"
 

diff --git a/src/utils.sh b/src/utils.sh
@@ -85,25 +85,6 @@ function exitIfRemoteDirDoesNotExist() {
 	fi
 }
 
-function checkIfDirectoryNamedIsOutsideOf() {
-	local directory name parentDirectory
-	# shellcheck disable=SC2034   # is passed by name to parseFnArgs
-	local -ra params=(directory name parentDirectory)
-	parseFnArgs params "$@"
-
-	local directoryAbsolute parentDirectoryAbsolute
-	directoryAbsolute="$(realpath "$directory")"
-	parentDirectoryAbsolute="$(realpath "$parentDirectory")"
-	if ! [[ "$directoryAbsolute" == "$parentDirectoryAbsolute"* ]]; then
-		returnDying "the given \033[0;36m%s\033[0m %s is outside of %s" "$name" "$directoryAbsolute" "$parentDirectory"
-	fi
-}
-
-function exitIfDirectoryNamedIsOutsideOf() {
-	# shellcheck disable=SC2310			# we are aware of that || will disable set -e for checkIfDirectoryNamedIsOutsideOf
-	checkIfDirectoryNamedIsOutsideOf "$@" || exit $?
-}
-
 function invertBool() {
 	local b=$1
 	shift 1 || traceAndDie "could not shift by 1"