[Issue #220] - dcRUSTy - Fix DOS vulnerability related to scanning sy…

…mlinks. * [Issue #220] - dcRUSTy - Fix bug that crashed test on Windows * [Issue #220] - dcRUSTy - Implement utility function wrapper for ioutil.ReadFile which skips following symlink
thoughtworks · Aug 13, 2020 · 0855689 · 0855689
1 parent 440eee6
commit 0855689
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 7 deletions.
diff --git a/directory_hook.go b/directory_hook.go
@@ -1,8 +1,8 @@
 package main
 
 import (
-	"io/ioutil"
 	"talisman/gitrepo"
+	"talisman/utility"
 
 	log "github.com/Sirupsen/logrus"
 
@@ -35,5 +35,5 @@ func (p *DirectoryHook) GetFilesFromDirectory(globPattern string) []gitrepo.Addi
 
 func ReadFile(filepath string) ([]byte, error) {
 	log.Debugf("reading file %s", filepath)
-	return ioutil.ReadFile(filepath)
+	return utility.SafeReadFile(filepath)
 }
diff --git a/git_testing/git_testing.go b/git_testing/git_testing.go
@@ -23,7 +23,7 @@ func Init(gitRoot string) *GitTesting {
 	os.MkdirAll(gitRoot, 0777)
 	testingRepo := &GitTesting{gitRoot}
 	testingRepo.ExecCommand("git", "init", ".")
-	gitConfigFileObject, _ := ioutil.TempFile("/tmp", "gitConfigForTalismanTests")
+	gitConfigFileObject, _ := ioutil.TempFile(os.TempDir(), "gitConfigForTalismanTests")
 	gitConfigFile = gitConfigFileObject.Name()
 	testingRepo.CreateFileWithContents(gitConfigFile, `[user]
 	email = [email protected]

diff --git a/gitrepo/gitrepo.go b/gitrepo/gitrepo.go
@@ -3,13 +3,13 @@ package gitrepo
 import (
 	"fmt"
 	log "github.com/Sirupsen/logrus"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"regexp"
 	"strings"
+	"talisman/utility"
 )
 
 //FilePath represents the absolute path of an added file
@@ -161,7 +161,7 @@ func NewScannerAddition(filePath string, commits []string, content []byte) Addit
 func (repo GitRepo) ReadRepoFile(fileName string) ([]byte, error) {
 	path := filepath.Join(repo.root, fileName)
 	log.Debugf("reading file %s", path)
-	return ioutil.ReadFile(path)
+	return utility.SafeReadFile(path)
 }
 
 //ReadRepoFileOrNothing returns the contents of the supplied relative filename by locating it in the git repo.

diff --git a/utility/sha_256_hasher.go b/utility/sha_256_hasher.go
@@ -3,7 +3,6 @@ package utility
 import (
 	"crypto/sha256"
 	"encoding/hex"
-	"io/ioutil"
 )
 
 type SHA256Hasher interface {
@@ -20,7 +19,7 @@ func (DefaultSHA256Hasher) CollectiveSHA256Hash(paths []string) string {
 		concatBytes := hashByte(&sbyte)
 		nameByte := []byte(path)
 		nameHash := hashByte(&nameByte)
-		fileBytes, _ := ioutil.ReadFile(path)
+		fileBytes, _ := SafeReadFile(path)
 		fileHash := hashByte(&fileBytes)
 		finHash = concatBytes + fileHash + nameHash
 	}

diff --git a/utility/utility.go b/utility/utility.go
@@ -2,6 +2,7 @@ package utility
 
 import (
 	"fmt"
+	log "github.com/Sirupsen/logrus"
 	"io"
 	"io/ioutil"
 	"os"
@@ -89,3 +90,19 @@ func Dir(src string, dst string) error {
 	}
 	return nil
 }
+
+func IsFileSymlink(path string) bool {
+	fileMetadata, err := os.Lstat(path)
+	if err != nil {
+		return false
+	}
+	return fileMetadata.Mode()&os.ModeSymlink != 0
+}
+
+func SafeReadFile(path string) ([]byte, error) {
+	if IsFileSymlink(path) {
+		log.Debug("Symlink was detected! Not following symlink ", path)
+		return []byte{}, nil
+	}
+	return ioutil.ReadFile(path)
+}
diff --git a/utility/utility_test.go b/utility/utility_test.go
@@ -0,0 +1,39 @@
+package utility
+
+import (
+	"github.com/stretchr/testify/assert"
+	"io/ioutil"
+	"os"
+	"testing"
+)
+
+func TestShouldReadNormalFileCorrectly(t *testing.T) {
+	tempFile, _ := ioutil.TempFile(os.TempDir(), "somefile")
+	dataToBeWrittenInFile := []byte{0, 1, 2, 3}
+	tempFile.Write(dataToBeWrittenInFile)
+	tempFile.Close()
+
+	readDataFromFileUsingIoutilDotReadFile, _ := ioutil.ReadFile(tempFile.Name())
+	readDataFromFileUsingSafeFileRead, _ := SafeReadFile(tempFile.Name())
+	os.Remove(tempFile.Name())
+
+	assert.Equal(t, readDataFromFileUsingIoutilDotReadFile, dataToBeWrittenInFile)
+	assert.Equal(t, readDataFromFileUsingSafeFileRead, dataToBeWrittenInFile)
+}
+
+func TestShouldNotReadSymbolicLinkTargetFile(t *testing.T) {
+	tempFile, _ := ioutil.TempFile(os.TempDir(), "somefile")
+	dataToBeWrittenInFile := []byte{0, 1, 2, 3}
+	tempFile.Write(dataToBeWrittenInFile)
+	tempFile.Close()
+	symlinkFileName := tempFile.Name() + "symlink"
+	os.Symlink(tempFile.Name(), symlinkFileName)
+
+	readDataFromSymlinkUsingIoutilDotReadFile, _ := ioutil.ReadFile(symlinkFileName)
+	readDataFromSymlinkUsingSafeFileRead, _ := SafeReadFile(symlinkFileName)
+	os.Remove(symlinkFileName)
+	os.Remove(tempFile.Name())
+
+	assert.Equal(t, readDataFromSymlinkUsingIoutilDotReadFile, dataToBeWrittenInFile)
+	assert.Equal(t, readDataFromSymlinkUsingSafeFileRead, []byte{})
+}