mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-08 15:48:28 +00:00
fix: block broken-symlink sandbox path escapes
This commit is contained in:
Peter Steinberger
@@ -13,6 +13,15 @@ async function withTempDir<T>(fn: (dir: string) => Promise<T>) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function withWorkspaceTempDir<T>(fn: (dir: string) => Promise<T>) {
|
||||||
|
const dir = await fs.mkdtemp(path.join(process.cwd(), "openclaw-patch-workspace-"));
|
||||||
|
try {
|
||||||
|
return await fn(dir);
|
||||||
|
} finally {
|
||||||
|
await fs.rm(dir, { recursive: true, force: true });
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function buildAddFilePatch(targetPath: string): string {
|
function buildAddFilePatch(targetPath: string): string {
|
||||||
return `*** Begin Patch
|
return `*** Begin Patch
|
||||||
*** Add File: ${targetPath}
|
*** Add File: ${targetPath}
|
||||||
@@ -159,6 +168,33 @@ describe("applyPatch", () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("rejects broken final symlink targets outside cwd by default", async () => {
|
||||||
|
if (process.platform === "win32") {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
await withWorkspaceTempDir(async (dir) => {
|
||||||
|
const outsideDir = path.join(path.dirname(dir), `outside-broken-link-${Date.now()}`);
|
||||||
|
const outsideFile = path.join(outsideDir, "owned.txt");
|
||||||
|
const linkPath = path.join(dir, "jump");
|
||||||
|
await fs.mkdir(outsideDir, { recursive: true });
|
||||||
|
await fs.symlink(outsideFile, linkPath);
|
||||||
|
|
||||||
|
const patch = `*** Begin Patch
|
||||||
|
*** Add File: jump
|
||||||
|
+pwned
|
||||||
|
*** End Patch`;
|
||||||
|
|
||||||
|
try {
|
||||||
|
await expect(applyPatch(patch, { cwd: dir })).rejects.toThrow(
|
||||||
|
/Symlink escapes sandbox root/,
|
||||||
|
);
|
||||||
|
await expect(fs.readFile(outsideFile, "utf8")).rejects.toBeDefined();
|
||||||
|
} finally {
|
||||||
|
await fs.rm(outsideDir, { recursive: true, force: true });
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
it("rejects hardlink alias escapes by default", async () => {
|
it("rejects hardlink alias escapes by default", async () => {
|
||||||
if (process.platform === "win32") {
|
if (process.platform === "win32") {
|
||||||
return;
|
return;
|
||||||
|
|||||||
76
src/infra/path-alias-guards.test.ts
Normal file
76
src/infra/path-alias-guards.test.ts
Normal file
@@ -0,0 +1,76 @@
|
|||||||
|
import fs from "node:fs/promises";
|
||||||
|
import path from "node:path";
|
||||||
|
import { describe, expect, it } from "vitest";
|
||||||
|
import { assertNoPathAliasEscape } from "./path-alias-guards.js";
|
||||||
|
|
||||||
|
async function withTempRoot<T>(run: (root: string) => Promise<T>): Promise<T> {
|
||||||
|
const base = await fs.mkdtemp(path.join(process.cwd(), "openclaw-path-alias-"));
|
||||||
|
const root = path.join(base, "root");
|
||||||
|
await fs.mkdir(root, { recursive: true });
|
||||||
|
try {
|
||||||
|
return await run(root);
|
||||||
|
} finally {
|
||||||
|
await fs.rm(base, { recursive: true, force: true });
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
describe("assertNoPathAliasEscape", () => {
|
||||||
|
it.runIf(process.platform !== "win32")(
|
||||||
|
"rejects broken final symlink targets outside root",
|
||||||
|
async () => {
|
||||||
|
await withTempRoot(async (root) => {
|
||||||
|
const outside = path.join(path.dirname(root), "outside");
|
||||||
|
await fs.mkdir(outside, { recursive: true });
|
||||||
|
const linkPath = path.join(root, "jump");
|
||||||
|
await fs.symlink(path.join(outside, "owned.txt"), linkPath);
|
||||||
|
|
||||||
|
await expect(
|
||||||
|
assertNoPathAliasEscape({
|
||||||
|
absolutePath: linkPath,
|
||||||
|
rootPath: root,
|
||||||
|
boundaryLabel: "sandbox root",
|
||||||
|
}),
|
||||||
|
).rejects.toThrow(/Symlink escapes sandbox root/);
|
||||||
|
});
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
|
it.runIf(process.platform !== "win32")(
|
||||||
|
"allows broken final symlink targets that remain inside root",
|
||||||
|
async () => {
|
||||||
|
await withTempRoot(async (root) => {
|
||||||
|
const linkPath = path.join(root, "jump");
|
||||||
|
await fs.symlink(path.join(root, "missing", "owned.txt"), linkPath);
|
||||||
|
|
||||||
|
await expect(
|
||||||
|
assertNoPathAliasEscape({
|
||||||
|
absolutePath: linkPath,
|
||||||
|
rootPath: root,
|
||||||
|
boundaryLabel: "sandbox root",
|
||||||
|
}),
|
||||||
|
).resolves.toBeUndefined();
|
||||||
|
});
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
|
it.runIf(process.platform !== "win32")(
|
||||||
|
"rejects broken targets that traverse via an in-root symlink alias",
|
||||||
|
async () => {
|
||||||
|
await withTempRoot(async (root) => {
|
||||||
|
const outside = path.join(path.dirname(root), "outside");
|
||||||
|
await fs.mkdir(outside, { recursive: true });
|
||||||
|
await fs.symlink(outside, path.join(root, "hop"));
|
||||||
|
const linkPath = path.join(root, "jump");
|
||||||
|
await fs.symlink(path.join("hop", "missing", "owned.txt"), linkPath);
|
||||||
|
|
||||||
|
await expect(
|
||||||
|
assertNoPathAliasEscape({
|
||||||
|
absolutePath: linkPath,
|
||||||
|
rootPath: root,
|
||||||
|
boundaryLabel: "sandbox root",
|
||||||
|
}),
|
||||||
|
).rejects.toThrow(/Symlink escapes sandbox root/);
|
||||||
|
});
|
||||||
|
},
|
||||||
|
);
|
||||||
|
});
|
||||||
Reference in New Issue
Block a user