修改写文件时文件路径名校验

Signed-off-by: xangjm <xiangjiaming2@huawei.com>
2025-02-25 13:20:37 +00:00 · 2022-03-07 16:48:43 +08:00 · 2022-03-07 16:48:43 +08:00 · 80bb921d87
commit 80bb921d87
parent e38ed69c45
2 changed files with 40 additions and 2 deletions
--- a/device/plugins/ftrace_plugin/src/file_utils.cpp
+++ b/device/plugins/ftrace_plugin/src/file_utils.cpp
@ -21,6 +21,7 @@
 #include <dirent.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <regex>
 #include "logging.h"

 namespace {
@ -78,10 +79,28 @@ int FileUtils::WriteFile(const std::string& path, const std::string& content, in

 int FileUtils::WriteFile(const std::string& path, const std::string& content, int flags, int mode)
 {
-    if (path.empty() || (path.length() >= PATH_MAX) || (path.find("..") != std::string::npos)) {
+    if (path.empty() || (path.length() >= PATH_MAX)) {
        HILOG_ERROR(LOG_CORE, "%s:path is invalid: %s, errno=%d", __func__, path.c_str(), errno);
        return -1;
    }
+
+    std::regex dirNameRegex("[.~-]");
+    std::regex fileNameRegex("[\\/:*?\"<>|]");
+    size_t pos = path.rfind("/");
+    if (pos != std::string::npos) {
+        std::string dirName = path.substr(0, pos+1);
+        std::string fileName = path.substr(pos+1, path.length()-pos-1);
+        if (std::regex_search(dirName, dirNameRegex) || std::regex_search(fileName, fileNameRegex)) {
+            HILOG_ERROR(LOG_CORE, "%s:path is invalid: %s, errno=%d", __func__, path.c_str(), errno);
+            return -1;
+        }
+    } else {
+        if (std::regex_search(path, fileNameRegex)) {
+            HILOG_ERROR(LOG_CORE, "%s:path is invalid: %s, errno=%d", __func__, path.c_str(), errno);
+            return -1;
+        }
+    }
+
    int fd = open(path.c_str(), flags, mode);
    CHECK_TRUE(fd >= 0, -1, "open %s failed, %d", path.c_str(), errno);

--- a/device/plugins/ftrace_plugin/src/flow_controller.cpp
+++ b/device/plugins/ftrace_plugin/src/flow_controller.cpp
@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <regex>

 #include "bytrace_ops.h"
 #include "file_utils.h"
@ -151,10 +152,28 @@ bool FlowController::CreateRawDataCaches()
        auto& path = rawDataDumpPath_[i];
        HILOG_INFO(LOG_CORE, "create raw data cache[%zu]: %s", i, path.c_str());

-        if (path.empty() || (path.length() >= PATH_MAX) || (path.find("..") != std::string::npos)) {
+        if (path.empty() || (path.length() >= PATH_MAX)) {
            HILOG_ERROR(LOG_CORE, "%s:path is invalid: %s, errno=%d", __func__, path.c_str(), errno);
            return false;
        }
+
+        std::regex dirNameRegex("[.~-]");
+        std::regex fileNameRegex("[\\/:*?\"<>|]");
+        size_t pos = path.rfind("/");
+        if (pos != std::string::npos) {
+            std::string dirName = path.substr(0, pos+1);
+            std::string fileName = path.substr(pos+1, path.length()-pos-1);
+            if (std::regex_search(dirName, dirNameRegex) || std::regex_search(fileName, fileNameRegex)) {
+                HILOG_ERROR(LOG_CORE, "%s:path is invalid: %s, errno=%d", __func__, path.c_str(), errno);
+                return false;
+            }
+        } else {
+            if (std::regex_search(path, fileNameRegex)) {
+                HILOG_ERROR(LOG_CORE, "%s:path is invalid: %s, errno=%d", __func__, path.c_str(), errno);
+                return false;
+            }
+        }
+
        auto cache = std::shared_ptr<FILE>(fopen(path.c_str(), "wb+"), [](FILE* fp) { fclose(fp); });
        CHECK_NOTNULL(cache, false, "create cache[%zu]: %s failed!", i, path.c_str());
        rawDataDumpFile_.emplace_back(std::move(cache));