Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Path valiation in phile-notify #5

Open
BoniLindsley opened this issue Oct 10, 2020 · 0 comments
Open

Path valiation in phile-notify #5

BoniLindsley opened this issue Oct 10, 2020 · 0 comments
Labels
bug Something isn't working

Comments

@BoniLindsley
Copy link
Owner

The phile-notify entry point provides commads to create and delete notifications. The path of the notifications to manipulate are derived from command line arguments.

Expected Behavior

The notifications should only be created inside notification directories. If the notification uses a name that produces an invalid path, it should gracefully handle it and produce a readable error.

Current Behavior

It is possible to manipulate the notification name to create files outside the notifcation directory.

$ phile-notify list
$ phile-notify write ../outside bad
$ phile-notify list
$ ls "$HOME/.local/state/phile"
notification  outside.notify
$ ls "$HOME/.local/state/phile/notification"
$

Some names throws a PermissionError.

$ phile-notify write //outside bad
Traceback (most recent call last):
  File "/home/boni/.local/bin/phile-notify", line 8, in <module>
    sys.exit(main())
  File "/home/boni/.local/lib/python3.8/site-packages/phile/notify/__main__.py", line 12, in main
    return phile.notify.cli.main(argv)
  File "/home/boni/.local/lib/python3.8/site-packages/phile/notify/cli.py", line 85, in main
    return process_arguments(argument_namespace)
  File "/home/boni/.local/lib/python3.8/site-packages/phile/notify/cli.py", line 67, in process_arguments
    notification.write(argument_namespace.content)
  File "/home/boni/.local/lib/python3.8/site-packages/phile/notify/notification.py", line 87, in write
    self.path.write_text(new_content + '\n')
  File "/usr/lib/python3.8/pathlib.py", line 1254, in write_text
    with self.open(mode='w', encoding=encoding, errors=errors) as f:
  File "/usr/lib/python3.8/pathlib.py", line 1221, in open
    return io.open(self, mode, buffering, encoding, errors, newline,
  File "/usr/lib/python3.8/pathlib.py", line 1077, in _opener
    return self._accessor.open(self, flags, mode)
PermissionError: [Errno 13] Permission denied: '//outside.notify'
$

Possible Solution

There are different ways to handle this. One is to validate the file name when parsing the arguments using say the pathvalidate module. This sanitises user input as soon as possible. Another is to validate the file name at notification object creation using the same module. This provides a slightly more general protection as logic errors would be checked as well. Validating at the last possible point in time, right before saving, is also possible.

Some consideration may need to be taken in terms of allowed path names. For example, should only names allowing for the widest possible cross-platform compatibilities be allowed? Or should names be allowed as long as the current OS allows it? For example, should path separators for a different OS be prohibited from the name?
@BoniLindsley BoniLindsley added the bug Something isn't working label Oct 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BoniLindsley