From d52d91fe7a349d24a83b8698b3d04874c9f52cd2 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Tue, 20 Feb 2024 11:21:28 +0100
Subject: [PATCH] AllowListInputAccessor: Clarify that the "allowed paths" are actually allowed prefixes

E.g. adding "/" will allow access to the root and *everything below it*.
---
 src/libexpr/eval.cc | 4 ++--
 src/libfetchers/filtering-input-accessor.cc | 16 ++++++++--------
 src/libfetchers/filtering-input-accessor.hh | 9 +++++----
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index 6fc9df237..41b6f5c85 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -467,13 +467,13 @@ EvalState::~EvalState()
 void EvalState::allowPath(const Path & path)
 {
     if (auto rootFS2 = rootFS.dynamic_pointer_cast())
-        rootFS2->allowPath(CanonPath(path));
+        rootFS2->allowPrefix(CanonPath(path));
 }
 
 void EvalState::allowPath(const StorePath & storePath)
 {
     if (auto rootFS2 = rootFS.dynamic_pointer_cast())
-        rootFS2->allowPath(CanonPath(store->toRealPath(storePath)));
+        rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath)));
 }
 
 void EvalState::allowAndSetStorePathString(const StorePath & storePath, Value & v)
diff --git a/src/libfetchers/filtering-input-accessor.cc b/src/libfetchers/filtering-input-accessor.cc
index 087a100af..32343abc4 100644
--- a/src/libfetchers/filtering-input-accessor.cc
+++ b/src/libfetchers/filtering-input-accessor.cc
@@ -51,33 +51,33 @@ void FilteringInputAccessor::checkAccess(const CanonPath & path)
 
 struct AllowListInputAccessorImpl : AllowListInputAccessor
 {
-    std::set allowedPaths;
+    std::set allowedPrefixes;
 
     AllowListInputAccessorImpl(
         ref next,
-        std::set && allowedPaths,
+        std::set && allowedPrefixes,
         MakeNotAllowedError && makeNotAllowedError)
         : AllowListInputAccessor(SourcePath(next), std::move(makeNotAllowedError))
-        , allowedPaths(std::move(allowedPaths))
+        , allowedPrefixes(std::move(allowedPrefixes))
     { }
 
     bool isAllowed(const CanonPath & path) override
     {
-        return path.isAllowed(allowedPaths);
+        return path.isAllowed(allowedPrefixes);
     }
 
-    void allowPath(CanonPath path) override
+    void allowPrefix(CanonPath prefix) override
     {
-        allowedPaths.insert(std::move(path));
+        allowedPrefixes.insert(std::move(prefix));
     }
 };
 
 ref AllowListInputAccessor::create(
     ref next,
-    std::set && allowedPaths,
+    std::set && allowedPrefixes,
     MakeNotAllowedError && makeNotAllowedError)
 {
-    return make_ref(next, std::move(allowedPaths), std::move(makeNotAllowedError));
+    return make_ref(next, std::move(allowedPrefixes), std::move(makeNotAllowedError));
 }
 
 bool CachingFilteringInputAccessor::isAllowed(const CanonPath & path)
diff --git a/src/libfetchers/filtering-input-accessor.hh b/src/libfetchers/filtering-input-accessor.hh
index 8a9b206ee..8111a72c5 100644
--- a/src/libfetchers/filtering-input-accessor.hh
+++ b/src/libfetchers/filtering-input-accessor.hh
@@ -54,18 +54,19 @@ struct FilteringInputAccessor : InputAccessor
 };
 
 /**
- * A wrapping `InputAccessor` that checks paths against an allow-list.
+ * A wrapping `InputAccessor` that checks paths against a set of
+ * allowed prefixes.
  */
 struct AllowListInputAccessor : public FilteringInputAccessor
 {
     /**
-     * Grant access to the specified path.
+     * Grant access to the specified prefix.
      */
-    virtual void allowPath(CanonPath path) = 0;
+    virtual void allowPrefix(CanonPath prefix) = 0;
 
     static ref create(
         ref next,
-        std::set && allowedPaths,
+        std::set && allowedPrefixes,
         MakeNotAllowedError && makeNotAllowedError);
 
     using FilteringInputAccessor::FilteringInputAccessor;
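Review bot: The new doc comment on `allowPrefix` ("Grant access to the specified prefix.") still reads like a single-path grant; the point the commit message makes — that a prefix grants every path below it, so allowing `/` exposes the whole tree — belongs in the header where callers of `allowPrefix` and `create` will see it. Suggest `* Grant access to the specified prefix and to every path below it; allowing `/` grants access to the entire filesystem.`, and the same wording on the class-level comment that now says "a set of allowed prefixes". Whether a prefix matches only whole path components (so that `/foo` does not also admit `/foobar`) is decided by `CanonPath::isAllowed`, which is outside this hunk; the comment should state that rule once it is confirmed, since callers passing store paths from `EvalState::allowPath` rely on it.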