Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prog/analysis: prevent sandbox escaping files from entering s.files #826

Merged
merged 2 commits into from
Nov 27, 2018
Merged

prog/analysis: prevent sandbox escaping files from entering s.files #826

merged 2 commits into from
Nov 27, 2018

Conversation

blackgnezdo
Copy link
Collaborator

It causes panic later in (*randGen).filename.

prog/analysis: prevent sandbox escaping files from entering s.files
725244f 
It causes panic later in (*randGen).filename.
dvyukov
dvyukov reviewed Nov 26, 2018
View reviewed changes
prog/rand_test.go
func TestNotEscaping(t *testing.T) {
r := newRand(nil, rand.NewSource(0))
s := &state{
files: map[string]bool{"./file0": true},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you mean to use "../file0"? Otherwise it does not trigger the problem.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, I wanted to get some extra coverage and when I used "..", the assertion fired. I frankly don't know what kind of assertions are best made here.

dvyukov
dvyukov reviewed Nov 26, 2018
View reviewed changes
prog/rand_test.go Outdated Show resolved Hide resolved
@dvyukov
Copy link
Collaborator

dvyukov commented Nov 26, 2018

Do you have any indication that this is what actually caused the panics? Or it's just code analysis?
I mean this looks like a reasonable thing to do regardless, I just wonder if we know that this is the root cause.

@blackgnezdo
Copy link
Collaborator Author

Do you have any indication that this is what actually caused the panics? Or it's just code analysis?

A combination of clues: production code reported s.files to contain ../file (the reports I invalidated yesterday). Inserting the check into the single place where s.files was being mutated stopped the problem cold.

I mean this looks like a reasonable thing to do regardless, I just wonder if we know that this is the root cause.

Considering there's one place where s.files is changed, it has to be. Ideally I'd want a level of abstraction with some invariants instead of a dictionary that's being assigned to in one place and read in a different one.

@dvyukov dvyukov merged commit 0b29b7f into google:master Nov 27, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dvyukov dvyukov dvyukov left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@blackgnezdo @dvyukov