From 028b1627633d852b8a8e2f9230eb55bfc374e3f6 Mon Sep 17 00:00:00 2001 From: "kestes%walrus.com" Date: Thu, 2 Aug 2001 20:06:02 +0000 Subject: [PATCH] fix bug in the untainting code by splitting the checks into two parts one checks for valid characters in a filename the other checks for both valid characters and valid directories as well. --- webtools/tinderbox2/src/bin/addnote.cgi | 6 +- .../tinderbox2/src/bin/processmail_builds | 77 +++++++++++++------ webtools/tinderbox2/src/bin/rmlogs | 6 +- 3 files changed, 61 insertions(+), 28 deletions(-) diff --git a/webtools/tinderbox2/src/bin/addnote.cgi b/webtools/tinderbox2/src/bin/addnote.cgi index 8685846b4dff..44b0339bb53c 100644 --- a/webtools/tinderbox2/src/bin/addnote.cgi +++ b/webtools/tinderbox2/src/bin/addnote.cgi @@ -6,8 +6,8 @@ # on the tinderbox status page. -# $Revision: 1.7 $ -# $Date: 2001/07/20 19:04:47 $ +# $Revision: 1.8 $ +# $Date: 2001/08/02 20:06:02 $ # $Author: kestes%walrus.com $ # $Source: /home/hwine/cvs_conversion/cvsroot/mozilla/webtools/tinderbox2/src/bin/addnote.cgi,v $ # $Name: $ @@ -197,7 +197,7 @@ sub save_note { "/Notice\.Update\.$time\.$MAILADDR"); $update_file =~ s/\@/\./g; - $update_file = main::extract_filename_chars($update_file); + $update_file = main::extract_safe_filename($update_file); Persistence::save_structure( $record, diff --git a/webtools/tinderbox2/src/bin/processmail_builds b/webtools/tinderbox2/src/bin/processmail_builds index 78c8c3ad4348..541721ff0a8c 100755 --- a/webtools/tinderbox2/src/bin/processmail_builds +++ b/webtools/tinderbox2/src/bin/processmail_builds @@ -12,8 +12,8 @@ # server. No locks are used by the mail processes, data is passed to # the tinderbox server in a maildir like format. -# $Revision: 1.6 $ -# $Date: 2001/07/20 19:04:49 $ +# $Revision: 1.7 $ +# $Date: 2001/08/02 20:06:02 $ # $Author: kestes%walrus.com $ # $Source: /home/hwine/cvs_conversion/cvsroot/mozilla/webtools/tinderbox2/src/bin/processmail_builds,v $ # $Name: $ 
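Review bot: The value returned by `main::extract_safe_filename($update_file)` in save_note goes straight to `Persistence::save_structure` with no check that the untaint step accepted the path, and the same holds for `$full_path` in the rm_logfile hunk of rmlogs. The helper is not defined in any of the three files this patch touches, so what it returns for a rejected name (undef, an empty string, or a die) cannot be confirmed from here. If it does not die on its own, a guard such as `die("Unsafe filename for notice update\n") unless defined($update_file) && length($update_file);` directly after the call would keep a rejected name from reaching the write; rmlogs wants the equivalent before it touches the file. `$update_file` is assembled from `$MAILADDR`, so this call is where that value meets the filesystem. Both save_note and rm_logfile continue outside their hunks.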
@@ -605,22 +605,11 @@ sub process_bloat_data { return ; } - - -# create the HTML file headers for both the full and brief log -# files. This must run after the message body has been parsed as some -# of the data comes from there. - -sub log_header { - my ($logtype) = @_; - - my ($out) = ''; - my ($tree) = $TINDERBOX{'tree'}; - - $out .= HTMLPopUp::page_header('title'=>"$logtype Build Log ". - "for tree: $tree "); +sub log_links { + my ($tree, $logtype) = @_; my $notlogtype = ( $logtype eq 'full' ? "brief" : "full"); + my $out; $out .= "\n"; $out .= "\n"; @@ -641,7 +630,24 @@ sub log_header { ); $out .= "\n"; - $out .= "\n"; + + return $out +} + +# create the HTML file headers for both the full and brief log +# files. This must run after the message body has been parsed as some +# of the data comes from there. + +sub log_header { + my ($logtype) = @_; + + my ($out) = ''; + my ($tree) = $TINDERBOX{'tree'}; + + $out .= HTMLPopUp::page_header('title'=>"$logtype Build Log ". + "for tree: $tree "); + + $out .= log_links($tree, $logtype)."\n"; $out .= "

Build Data

\n"; $out .= "
\n";
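Review bot: log_links is written differently from the subs that call it: it declares `my $out;` with no initial value and ends on `return $out` with no semicolon, while log_header and log_footer start with `my ($out) = '';` and log_footer ends on `return $out;`. Using `my ($out) = '';` and `return $out;` here keeps the file consistent and avoids a syntax error if a statement is ever added after the return. The sub also has no header comment; something like `# build the navigation links shared by the log header and footer; $logtype is 'full' or 'brief'` would help. `$tree` and `$logtype` are placed into the page title and the links as they are, so it is worth confirming that `$TINDERBOX{'tree'}` is validated or escaped before this point, which the hunk does not show. log_links starts in the previous hunk.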
@@ -659,6 +665,19 @@ sub log_header {
 
 }
 
+sub log_footer {
+  my ($logtype) = @_;
+  
+  my ($out) = '';
+  my ($tree) = $TINDERBOX{'tree'};
+
+  $out .= log_links($tree, $logtype)."\n";
+  $out .= "\n";
+  $out .= "\n";
+
+  return $out;
+}
+
 
 # create the HTML links for errors this is for both 
 # 1) the $headerline,  which will appear in the error picklist 
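Review bot: log_footer is added without a comment, while log_header carries one describing what it creates and when it must run. A line such as `# create the HTML file footer for both the full and brief log files; repeats the navigation links after the log text` would match it. The sub reads `$TINDERBOX{'tree'}` just as log_header does, so presumably the same ordering constraint (run after the message body has been parsed) applies and should be stated; confirm that against the callers in assemble_files.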
@@ -819,6 +838,12 @@ sub parse_mail_body {
     die("Could not write to file: '$TMP_FILE{'errorpick'}'. $!\n");
 
   print ERROR_PICK "\n
\n";
+  print ERROR_PICK HTMLPopUp::Link(
+                                   "linktxt"=>"End of Log File", 
+                                   "href"=>"\#EOF",
+                                   ).
+                                   "\n";
+    
 
   my ($next_err) = 1;
   my ($lines_since_error) = 0;
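Review bot: The anchor name `EOF` is written as a bare literal here (`"href"=>"\#EOF"`) and again in the later parse_mail_body hunk that adds `"name"=>"EOF"` to `$last_errline`, so the link and its target stay paired only by convention. A single shared variable, for example `my $EOF_ANCHOR = 'EOF';`, used as `"href"=>"\#$EOF_ANCHOR"` and `"name"=>$EOF_ANCHOR`, would keep the two in step. The added block also leaves a whitespace-only line after the `print` statement. parse_mail_body starts and ends outside the hunk.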
@@ -930,11 +955,15 @@ sub parse_mail_body {
   my ($last_errline) = ("

". "". HTMLPopUp::Link( - "name"=>"err".($next_err_ref), - "linktxt"=>"No More Errors", - "href"=>"\#err".(1), - ). - "
"); + "name"=>"err".($next_err_ref), + "linktxt"=>"No More Errors", + "href"=>"\#err".(1), + ). + "". + HTMLPopUp::Link( + "name"=>"EOF", + ). + "
"); print BRIEF $last_errline; print FULL $last_errline; @@ -989,6 +1018,8 @@ sub assemble_files { print FULL $line; } + print FULL log_footer('full'); + close(FULL) || die("Could not close file: '$FILE{'full-log'}': waitstaus: $? : $! \n"); close(TMP_FULL) || @@ -1017,6 +1048,8 @@ sub assemble_files { print BRIEF $line; } + print BRIEF log_footer('brief'); + close(BRIEF) || die("Could not close file: '$FILE{'brief-log'}'.\n"); close(TMP_BRIEF) || diff --git a/webtools/tinderbox2/src/bin/rmlogs b/webtools/tinderbox2/src/bin/rmlogs index caebdd10dac8..e02b200f8cbb 100644 --- a/webtools/tinderbox2/src/bin/rmlogs +++ b/webtools/tinderbox2/src/bin/rmlogs @@ -6,8 +6,8 @@ # days set in TinderConfig. This program should be # run from cron daily. -# $Revision: 1.6 $ -# $Date: 2001/07/20 19:04:49 $ +# $Revision: 1.7 $ +# $Date: 2001/08/02 20:06:02 $ # $Author: kestes%walrus.com $ # $Source: /home/hwine/cvs_conversion/cvsroot/mozilla/webtools/tinderbox2/src/bin/rmlogs,v $ # $Name: $ @@ -71,7 +71,7 @@ sub rm_logfile { return 1; # untaint path - $full_path = extract_filename_chars($full_path); + $full_path = main::extract_safe_filename($full_path); # save stat info for the file, incase we need it in the future.