2020-09-21 00:18:25 +02:00
|
|
|
use std::{
|
2022-01-04 13:54:11 +01:00
|
|
|
path::{Component, Path, PathBuf},
|
2020-09-21 00:18:25 +02:00
|
|
|
str::FromStr,
|
|
|
|
};
|
|
|
|
|
2021-11-30 14:11:41 +01:00
|
|
|
use actix_utils::future::{ready, Ready};
|
2020-09-21 00:18:25 +02:00
|
|
|
use actix_web::{dev::Payload, FromRequest, HttpRequest};
|
|
|
|
|
|
|
|
use crate::error::UriSegmentError;
|
|
|
|
|
2021-11-18 19:14:34 +01:00
|
|
|
#[derive(Debug, PartialEq, Eq)]
|
2020-09-21 00:18:25 +02:00
|
|
|
pub(crate) struct PathBufWrap(PathBuf);
|
|
|
|
|
|
|
|
impl FromStr for PathBufWrap {
|
|
|
|
type Err = UriSegmentError;
|
|
|
|
|
|
|
|
fn from_str(path: &str) -> Result<Self, Self::Err> {
|
2020-12-26 04:36:15 +01:00
|
|
|
Self::parse_path(path, false)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl PathBufWrap {
|
|
|
|
/// Parse a path, giving the choice of allowing hidden files to be considered valid segments.
|
2021-11-18 19:14:34 +01:00
|
|
|
///
|
|
|
|
/// Path traversal is guarded by this method.
|
2020-12-26 04:36:15 +01:00
|
|
|
pub fn parse_path(path: &str, hidden_files: bool) -> Result<Self, UriSegmentError> {
|
2020-09-21 00:18:25 +02:00
|
|
|
let mut buf = PathBuf::new();
|
|
|
|
|
2022-01-04 13:54:11 +01:00
|
|
|
// equivalent to `path.split('/').count()`
|
|
|
|
let mut segment_count = path.matches('/').count() + 1;
|
|
|
|
|
|
|
|
// we can decode the whole path here (instead of per-segment decoding)
|
2023-02-20 09:11:16 +01:00
|
|
|
// because we will reject `%2F` in paths using `segment_count`.
|
2022-01-04 13:54:11 +01:00
|
|
|
let path = percent_encoding::percent_decode_str(path)
|
|
|
|
.decode_utf8()
|
|
|
|
.map_err(|_| UriSegmentError::NotValidUtf8)?;
|
|
|
|
|
|
|
|
// disallow decoding `%2F` into `/`
|
|
|
|
if segment_count != path.matches('/').count() + 1 {
|
|
|
|
return Err(UriSegmentError::BadChar('/'));
|
|
|
|
}
|
|
|
|
|
2020-09-21 00:18:25 +02:00
|
|
|
for segment in path.split('/') {
|
|
|
|
if segment == ".." {
|
2022-01-04 13:54:11 +01:00
|
|
|
segment_count -= 1;
|
2020-09-21 00:18:25 +02:00
|
|
|
buf.pop();
|
2020-12-26 04:36:15 +01:00
|
|
|
} else if !hidden_files && segment.starts_with('.') {
|
2020-09-21 00:18:25 +02:00
|
|
|
return Err(UriSegmentError::BadStart('.'));
|
|
|
|
} else if segment.starts_with('*') {
|
|
|
|
return Err(UriSegmentError::BadStart('*'));
|
|
|
|
} else if segment.ends_with(':') {
|
|
|
|
return Err(UriSegmentError::BadEnd(':'));
|
|
|
|
} else if segment.ends_with('>') {
|
|
|
|
return Err(UriSegmentError::BadEnd('>'));
|
|
|
|
} else if segment.ends_with('<') {
|
|
|
|
return Err(UriSegmentError::BadEnd('<'));
|
|
|
|
} else if segment.is_empty() {
|
2022-01-04 13:54:11 +01:00
|
|
|
segment_count -= 1;
|
2020-09-21 00:18:25 +02:00
|
|
|
continue;
|
|
|
|
} else if cfg!(windows) && segment.contains('\\') {
|
|
|
|
return Err(UriSegmentError::BadChar('\\'));
|
2022-01-25 17:44:05 +01:00
|
|
|
} else if cfg!(windows) && segment.contains(':') {
|
|
|
|
return Err(UriSegmentError::BadChar(':'));
|
2020-09-21 00:18:25 +02:00
|
|
|
} else {
|
|
|
|
buf.push(segment)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-01-04 13:54:11 +01:00
|
|
|
// make sure we agree with stdlib parser
|
|
|
|
for (i, component) in buf.components().enumerate() {
|
2022-01-25 17:44:05 +01:00
|
|
|
assert!(
|
|
|
|
matches!(component, Component::Normal(_)),
|
|
|
|
"component `{:?}` is not normal",
|
|
|
|
component
|
|
|
|
);
|
2022-01-04 13:54:11 +01:00
|
|
|
assert!(i < segment_count);
|
|
|
|
}
|
|
|
|
|
2020-09-21 00:18:25 +02:00
|
|
|
Ok(PathBufWrap(buf))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl AsRef<Path> for PathBufWrap {
|
|
|
|
fn as_ref(&self) -> &Path {
|
|
|
|
self.0.as_ref()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl FromRequest for PathBufWrap {
|
|
|
|
type Error = UriSegmentError;
|
|
|
|
type Future = Ready<Result<Self, Self::Error>>;
|
|
|
|
|
|
|
|
fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
|
2022-01-19 21:26:33 +01:00
|
|
|
ready(req.match_info().unprocessed().parse())
|
2020-09-21 00:18:25 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
mod tests {
|
|
|
|
use super::*;
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn test_path_buf() {
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::from_str("/test/.tt").map(|t| t.0),
|
|
|
|
Err(UriSegmentError::BadStart('.'))
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::from_str("/test/*tt").map(|t| t.0),
|
|
|
|
Err(UriSegmentError::BadStart('*'))
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::from_str("/test/tt:").map(|t| t.0),
|
|
|
|
Err(UriSegmentError::BadEnd(':'))
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::from_str("/test/tt<").map(|t| t.0),
|
|
|
|
Err(UriSegmentError::BadEnd('<'))
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::from_str("/test/tt>").map(|t| t.0),
|
|
|
|
Err(UriSegmentError::BadEnd('>'))
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::from_str("/seg1/seg2/").unwrap().0,
|
|
|
|
PathBuf::from_iter(vec!["seg1", "seg2"])
|
|
|
|
);
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::from_str("/seg1/../seg2/").unwrap().0,
|
|
|
|
PathBuf::from_iter(vec!["seg2"])
|
|
|
|
);
|
|
|
|
}
|
2020-12-26 04:36:15 +01:00
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn test_parse_path() {
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::parse_path("/test/.tt", false).map(|t| t.0),
|
|
|
|
Err(UriSegmentError::BadStart('.'))
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::parse_path("/test/.tt", true).unwrap().0,
|
|
|
|
PathBuf::from_iter(vec!["test", ".tt"])
|
|
|
|
);
|
|
|
|
}
|
2021-11-18 19:14:34 +01:00
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn path_traversal() {
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::parse_path("/../README.md", false).unwrap().0,
|
|
|
|
PathBuf::from_iter(vec!["README.md"])
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::parse_path("/../README.md", true).unwrap().0,
|
|
|
|
PathBuf::from_iter(vec!["README.md"])
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::parse_path("/../../../../../../../../../../etc/passwd", false)
|
|
|
|
.unwrap()
|
|
|
|
.0,
|
|
|
|
PathBuf::from_iter(vec!["etc/passwd"])
|
|
|
|
);
|
|
|
|
}
|
2022-01-25 17:44:05 +01:00
|
|
|
|
|
|
|
#[test]
|
|
|
|
#[cfg_attr(windows, should_panic)]
|
|
|
|
fn windows_drive_traversal() {
|
|
|
|
// detect issues in windows that could lead to path traversal
|
|
|
|
// see <https://github.com/SergioBenitez/Rocket/issues/1949
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::parse_path("C:test.txt", false).unwrap().0,
|
|
|
|
PathBuf::from_iter(vec!["C:test.txt"])
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::parse_path("C:../whatever", false).unwrap().0,
|
|
|
|
PathBuf::from_iter(vec!["C:../whatever"])
|
|
|
|
);
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
PathBufWrap::parse_path(":test.txt", false).unwrap().0,
|
|
|
|
PathBuf::from_iter(vec![":test.txt"])
|
|
|
|
);
|
|
|
|
}
|
2020-09-21 00:18:25 +02:00
|
|
|
}
|