wings/server/filesystem/path.go

package filesystem

import (
	"path/filepath"
	"strings"

	"emperror.dev/errors"
)

// Checks if the given file or path is in the server's file denylist. If so, an Error
// is returned, otherwise nil is returned.
func (fs *Filesystem) IsIgnored(paths ...string) error {
	for _, p := range paths {
		//sp, err := fs.SafePath(p)
		//if err != nil {
		//	return err
		//}
		// TODO: update logic to use unixFS
		if fs.denylist.MatchesPath(p) {
			return errors.WithStack(&Error{code: ErrCodeDenylistFile, path: p, resolved: p})
		}
	}
	return nil
}

// Generate a path to the file by cleaning it up and appending the root server path to it. This
// DOES NOT guarantee that the file resolves within the server data directory. You'll want to use
// the fs.unsafeIsInDataDirectory(p) function to confirm.
func (fs *Filesystem) unsafeFilePath(p string) string {
	// Calling filepath.Clean on the joined directory will resolve it to the absolute path,
	// removing any ../ type of resolution arguments, and leaving us with a direct path link.
	//
	// This will also trim the existing root path off the beginning of the path passed to
	// the function since that can get a bit messy.
	return filepath.Clean(filepath.Join(fs.Path(), strings.TrimPrefix(p, fs.Path())))
}

// Check that that path string starts with the server data directory path. This function DOES NOT
// validate that the rest of the path does not end up resolving out of this directory, or that the
// targeted file or folder is not a symlink doing the same thing.
func (fs *Filesystem) unsafeIsInDataDirectory(p string) bool {
	return strings.HasPrefix(strings.TrimSuffix(p, "/")+"/", strings.TrimSuffix(fs.Path(), "/")+"/")
}
Refactor filesystem to not be dependent on a server struct 2020-09-27 19:24:08 +00:00			`package filesystem`

			`import (`
			`"path/filepath"`
			`"strings"`
Add base idea for denying write access to certain files; ref pterodactyl/panel#569 2021-01-11 00:33:39 +00:00
Better error handling and logging for restorations 2021-01-31 02:43:35 +00:00			`"emperror.dev/errors"`
Refactor filesystem to not be dependent on a server struct 2020-09-27 19:24:08 +00:00			`)`

Add base idea for denying write access to certain files; ref pterodactyl/panel#569 2021-01-11 00:33:39 +00:00			`// Checks if the given file or path is in the server's file denylist. If so, an Error`
			`// is returned, otherwise nil is returned.`
			`func (fs *Filesystem) IsIgnored(paths ...string) error {`
			`for _, p := range paths {`
server(filesystem): rebuild everything imaginable This wonderfully large commit replaces basically everything under the `server/filesystem` package, re-implementing essentially everything. This is related to https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9 If any vulnerabilities related to symlinks persist after this commit, I will be very upset. Signed-off-by: Matthew Penner <me@matthewp.io> 2024-03-13 03:44:55 +00:00			`//sp, err := fs.SafePath(p)`
			`//if err != nil {`
			`// return err`
			`//}`
			`// TODO: update logic to use unixFS`
			`if fs.denylist.MatchesPath(p) {`
			`return errors.WithStack(&Error{code: ErrCodeDenylistFile, path: p, resolved: p})`
Add base idea for denying write access to certain files; ref pterodactyl/panel#569 2021-01-11 00:33:39 +00:00			`}`
			`}`
			`return nil`
			`}`

Refactor filesystem to not be dependent on a server struct 2020-09-27 19:24:08 +00:00			`// Generate a path to the file by cleaning it up and appending the root server path to it. This`
			`// DOES NOT guarantee that the file resolves within the server data directory. You'll want to use`
			`// the fs.unsafeIsInDataDirectory(p) function to confirm.`
			`func (fs *Filesystem) unsafeFilePath(p string) string {`
			`// Calling filepath.Clean on the joined directory will resolve it to the absolute path,`
			`// removing any ../ type of resolution arguments, and leaving us with a direct path link.`
			`//`
			`// This will also trim the existing root path off the beginning of the path passed to`
			`// the function since that can get a bit messy.`
			`return filepath.Clean(filepath.Join(fs.Path(), strings.TrimPrefix(p, fs.Path())))`
			`}`

			`// Check that that path string starts with the server data directory path. This function DOES NOT`
			`// validate that the rest of the path does not end up resolving out of this directory, or that the`
			`// targeted file or folder is not a symlink doing the same thing.`
			`func (fs *Filesystem) unsafeIsInDataDirectory(p string) bool {`
			`return strings.HasPrefix(strings.TrimSuffix(p, "/")+"/", strings.TrimSuffix(fs.Path(), "/")+"/")`
			`}`