addurl, importfeed: Allow '-' in filenames, as long as it's not the first character

Joey Hess 2020-05-11 13:50:49 -04:00
parent 57451bd9a1
commit cabbc91b18
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
3 changed files with 28 additions and 8 deletions

@ -15,25 +15,28 @@ import System.FilePath
- sane FilePath. - sane FilePath.
- -
- All spaces and punctuation and other wacky stuff are replaced - All spaces and punctuation and other wacky stuff are replaced
- with '_', except for '.' - with '_', except for '.' and '-'
- -
- "../" becomes ".._", which is safe. - "../" becomes ".._", which is safe.
- "/foo" becomes "_foo", which is safe. - "/foo" becomes "_foo", which is safe.
- "c:foo" becomes "c_foo", which is safe even on windows. - "c:foo" becomes "c_foo", which is safe even on windows.
- -
- Leading '.' is also replaced with '_', so ".git/foo" becomes "_git_foo" - Leading '.' and '-' are also replaced with '_', so
- and so no dotfiles that might control a program are inadvertently created. - so no dotfiles that might control a program are inadvertently created,
- and to avoid filenames being treated as options to commands the user
- might run.
-} -}
sanitizeFilePath :: String -> FilePath sanitizeFilePath :: String -> FilePath
sanitizeFilePath = leadingdot . map sanitize sanitizeFilePath = leading . map sanitize
where where
sanitize c sanitize c
| c == '.' = c | c == '.' || c == '-' = c
| isSpace c || isPunctuation c || isSymbol c || isControl c || c == '/' = '_' | isSpace c || isPunctuation c || isSymbol c || isControl c || c == '/' = '_'
| otherwise = c | otherwise = c
leadingdot ('.':s) = '_':s leading ('.':s) = '_':s
leadingdot s = s leading ('-':s) = '_':s
leading s = s
escapeSequenceInFilePath :: FilePath -> Bool escapeSequenceInFilePath :: FilePath -> Bool
escapeSequenceInFilePath f = '\ESC' `elem` f escapeSequenceInFilePath f = '\ESC' `elem` f
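Review bot: In the new doc comment for sanitizeFilePath, the sentence about leading characters now ends with "replaced with '_', so" and the next line begins "so no dotfiles ...", which doubles the "so" and drops the old example of ".git/foo" becoming "_git_foo". Suggest restoring that example and adding one for a leading '-', so the comment shows the result for both cases. It would also help to state that `leading` rewrites only the first character: a name starting with "--" keeps its second '-', and the result still does not begin with '-', which is what the concern about filenames being treated as options requires.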

@ -18,8 +18,12 @@ git-annex (8.20200502) UNRELEASED; urgency=medium
autoenable of such remotes without forcing again. autoenable of such remotes without forcing again.
* addurl, importfeed: Avoid adding filenames with leading '.', instead * addurl, importfeed: Avoid adding filenames with leading '.', instead
it will be replaced with '_'. it will be replaced with '_'.
* addurl, importfeed: Allow '-' in filenames, as long as it's not the
first character.
* addurl --preserve-filename: New option, uses server-provided filename * addurl --preserve-filename: New option, uses server-provided filename
without any sanitization, but with some security checking. without any sanitization, but will fail if the filename has an obvious
security problem like using an escape sequence or trying to escape
the current directory.
-- Joey Hess <id@joeyh.name> Mon, 04 May 2020 12:46:11 -0400 -- Joey Hess <id@joeyh.name> Mon, 04 May 2020 12:46:11 -0400
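Review bot: The new "Allow '-' in filenames" entry does not say what happens to a leading '-', while the entry just above it states that a leading '.' "will be replaced with '_'". Suggest saying the same here, for example "a leading '-' is replaced with '_'", so users know the file is still added under a changed name rather than rejected. The rewording of the --preserve-filename entry in the same hunk is unrelated to the '-' change and would be easier to track as its own commit.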

@ -0,0 +1,13 @@
[[!comment format=mdwn
username="joey"
subject="""comment 5"""
date="2020-05-11T17:20:07Z"
content="""
I agree that it may as well allow non-leading '-'.
Web browsers do do some santization, particulary of '/'.
Chrome removes leading "." as well. Often files are downloaded to locations
without the user confirming it. I suspect there is enough insecurity
in that area that someone could make a living injecting bitcoin miners into
dotfiles.
"""]]