AllowListInputAccessor: Clarify that the "allowed paths" are actually allowed prefixes

E.g. adding "/" will allow access to the root and *everything below it*.
2025-01-19 01:26:47 +02:00 · 2024-02-20 11:21:28 +01:00 · 2024-02-20 11:21:28 +01:00 · d52d91fe7a
commit d52d91fe7a
parent 06be819b89
3 changed files with 15 additions and 14 deletions
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@ -467,13 +467,13 @@ EvalState::~EvalState()
 void EvalState::allowPath(const Path & path)
 {
    if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
-        rootFS2->allowPath(CanonPath(path));
+        rootFS2->allowPrefix(CanonPath(path));
 }

 void EvalState::allowPath(const StorePath & storePath)
 {
    if (auto rootFS2 = rootFS.dynamic_pointer_cast<AllowListInputAccessor>())
-        rootFS2->allowPath(CanonPath(store->toRealPath(storePath)));
+        rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath)));
 }

 void EvalState::allowAndSetStorePathString(const StorePath & storePath, Value & v)
--- a/src/libfetchers/filtering-input-accessor.cc
+++ b/src/libfetchers/filtering-input-accessor.cc
@ -51,33 +51,33 @@ void FilteringInputAccessor::checkAccess(const CanonPath & path)

 struct AllowListInputAccessorImpl : AllowListInputAccessor
 {
-    std::set<CanonPath> allowedPaths;
+    std::set<CanonPath> allowedPrefixes;

    AllowListInputAccessorImpl(
        ref<InputAccessor> next,
-        std::set<CanonPath> && allowedPaths,
+        std::set<CanonPath> && allowedPrefixes,
        MakeNotAllowedError && makeNotAllowedError)
        : AllowListInputAccessor(SourcePath(next), std::move(makeNotAllowedError))
-        , allowedPaths(std::move(allowedPaths))
+        , allowedPrefixes(std::move(allowedPrefixes))
    { }

    bool isAllowed(const CanonPath & path) override
    {
-        return path.isAllowed(allowedPaths);
+        return path.isAllowed(allowedPrefixes);
    }

-    void allowPath(CanonPath path) override
+    void allowPrefix(CanonPath prefix) override
    {
-        allowedPaths.insert(std::move(path));
+        allowedPrefixes.insert(std::move(prefix));
    }
 };

 ref<AllowListInputAccessor> AllowListInputAccessor::create(
    ref<InputAccessor> next,
-    std::set<CanonPath> && allowedPaths,
+    std::set<CanonPath> && allowedPrefixes,
    MakeNotAllowedError && makeNotAllowedError)
 {
-    return make_ref<AllowListInputAccessorImpl>(next, std::move(allowedPaths), std::move(makeNotAllowedError));
+    return make_ref<AllowListInputAccessorImpl>(next, std::move(allowedPrefixes), std::move(makeNotAllowedError));
 }

 bool CachingFilteringInputAccessor::isAllowed(const CanonPath & path)
--- a/src/libfetchers/filtering-input-accessor.hh
+++ b/src/libfetchers/filtering-input-accessor.hh
@ -54,18 +54,19 @@ struct FilteringInputAccessor : InputAccessor
 };

 /**
- * A wrapping `InputAccessor` that checks paths against an allow-list.
+ * A wrapping `InputAccessor` that checks paths against a set of
+ * allowed prefixes.
 */
 struct AllowListInputAccessor : public FilteringInputAccessor
 {
    /**
-     * Grant access to the specified path.
+     * Grant access to the specified prefix.
     */
-    virtual void allowPath(CanonPath path) = 0;
+    virtual void allowPrefix(CanonPath prefix) = 0;

    static ref<AllowListInputAccessor> create(
        ref<InputAccessor> next,
-        std::set<CanonPath> && allowedPaths,
+        std::set<CanonPath> && allowedPrefixes,
        MakeNotAllowedError && makeNotAllowedError);

    using FilteringInputAccessor::FilteringInputAccessor;