addurl, importfeed: Allow '-' in filenames, as long as it's not the first character

Joey Hess 2020-05-11 13:50:49 -04:00
parent 57451bd9a1
commit cabbc91b18
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
3 changed files with 28 additions and 8 deletions

@ -15,25 +15,28 @@ import System.FilePath
- sane FilePath.
-
- All spaces and punctuation and other wacky stuff are replaced
- with '_', except for '.'
- with '_', except for '.' and '-'
-
- "../" becomes ".._", which is safe.
- "/foo" becomes "_foo", which is safe.
- "c:foo" becomes "c_foo", which is safe even on windows.
-
- Leading '.' is also replaced with '_', so ".git/foo" becomes "_git_foo"
- and so no dotfiles that might control a program are inadvertently created.
- Leading '.' and '-' are also replaced with '_', so
- so no dotfiles that might control a program are inadvertently created,
- and to avoid filenames being treated as options to commands the user
- might run.
-}
sanitizeFilePath :: String -> FilePath
sanitizeFilePath = leadingdot . map sanitize
sanitizeFilePath = leading . map sanitize
where
sanitize c
| c == '.' = c
| c == '.' || c == '-' = c
| isSpace c || isPunctuation c || isSymbol c || isControl c || c == '/' = '_'
| otherwise = c
leadingdot ('.':s) = '_':s
leadingdot s = s
leading ('.':s) = '_':s
leading ('-':s) = '_':s
leading s = s
escapeSequenceInFilePath :: FilePath -> Bool
escapeSequenceInFilePath f = '\ESC' `elem` f
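Review bot: the rewritten doc comment for sanitizeFilePath is left with a dangling clause: "Leading '.' and '-' are also replaced with '_', so" runs straight into "so no dotfiles ...", which doubles the "so" and drops the ".git/foo" becomes "_git_foo" example the old text carried. Suggest restoring that example and adding one for the new case, for instance "-rf" becomes "_rf", which is what `leading ('-':s) = '_':s` produces. A short comment on the `c == '.' || c == '-'` guard would also help: it only works because it sits ahead of the isPunctuation guard, and a later reordering would silently map '-' back to '_'.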

@ -18,8 +18,12 @@ git-annex (8.20200502) UNRELEASED; urgency=medium
autoenable of such remotes without forcing again.
* addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'.
* addurl, importfeed: Allow '-' in filenames, as long as it's not the
first character.
* addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking.
without any sanitization, but will fail if the filename has an obvious
security problem like using an escape sequence or trying to escape
the current directory.
-- Joey Hess <id@joeyh.name> Mon, 04 May 2020 12:46:11 -0400
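Review bot: the new changelog entry says '-' is allowed "as long as it's not the first character" but does not say what happens when it is the first character. The entry just above it for leading '.' spells that out ("instead it will be replaced with '_'"), and the code treats a leading '-' the same way, so the entry should say so. The rewording of the --preserve-filename entry in this same hunk is not covered by the commit subject; mention it in the commit message or split it out.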

@ -0,0 +1,13 @@
[[!comment format=mdwn
username="joey"
subject="""comment 5"""
date="2020-05-11T17:20:07Z"
content="""
I agree that it may as well allow non-leading '-'.
Web browsers do do some santization, particulary of '/'.
Chrome removes leading "." as well. Often files are downloaded to locations
without the user confirming it. I suspect there is enough insecurity
in that area that someone could make a living injecting bitcoin miners into
dotfiles.
"""]]
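Review bot: two spelling errors in the added comment body, on the line "Web browsers do do some santization, particulary of '/'.": "santization" should be "sanitization" and "particulary" should be "particularly". Worth fixing before this lands, since the comment is published as part of the site.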