Add security check for directory symlinks
Currently only files symlink are verified during file operations.
This change is extending check to all directories in path.
Testing done:
- UTs are passing
Signed-off-by: Szymon Dompke <szymon.dompke@intel.com>
Change-Id: I1f30de94872d2a25597d3549224cd90aa8fab634
diff --git a/src/persistent_json_storage.cpp b/src/persistent_json_storage.cpp
index 0dc66ad..97326fe 100644
--- a/src/persistent_json_storage.cpp
+++ b/src/persistent_json_storage.cpp
@@ -2,11 +2,30 @@
#include <phosphor-logging/log.hpp>
+#include <format>
#include <fstream>
#include <stdexcept>
using namespace std::literals::string_literals;
+bool isAnySymlink(const std::filesystem::path& path)
+{
+ auto currentPath = path;
+ while (currentPath != path.root_path())
+ {
+ if (std::filesystem::is_symlink(currentPath))
+ {
+ std::string warningStr = std::format("{} is a symlink",
+ currentPath.string());
+ phosphor::logging::log<phosphor::logging::level::WARNING>(
+ warningStr.c_str());
+ return true;
+ }
+ currentPath = currentPath.parent_path();
+ }
+ return false;
+}
+
PersistentJsonStorage::PersistentJsonStorage(const DirectoryPath& directory) :
directory(directory)
{}
@@ -53,7 +72,7 @@
{
const auto path = join(directory, filePath);
- if (std::filesystem::is_symlink(path))
+ if (isAnySymlink(path))
{
return false;
}
@@ -114,7 +133,7 @@
for (const auto& p :
std::filesystem::recursive_directory_iterator(directory))
{
- if (p.is_regular_file() && !p.is_symlink())
+ if (p.is_regular_file() && !isAnySymlink(p.path()))
{
auto item = std::filesystem::relative(p.path(), directory);
result.emplace_back(std::move(item));
@@ -149,7 +168,7 @@
void PersistentJsonStorage::assertThatPathIsNotSymlink(
const std::filesystem::path& path)
{
- if (std::filesystem::is_symlink(path))
+ if (isAnySymlink(path))
{
throw std::runtime_error(
"Source/Target file is a symlink! Operation canceled on path "s +