fix(filesystem): harden the filesystem service to avoid path traversal attacks EE-1922 (#5957)

fix(filesystem): harden the filesystem service to avoid path traversal attacks EE-1922
2025-08-02 20:35:25 +02:00 · 2021-11-01 08:01:03 -03:00 · 2021-11-01 08:01:03 -03:00 · 28f71e486a
commit 28f71e486a
parent c763219f74
21 changed files with 292 additions and 176 deletions
--- a/api/http/handler/stacks/create_compose_stack.go
+++ b/api/http/handler/stacks/create_compose_stack.go
@ -3,7 +3,6 @@ package stacks
 import (
 	"fmt"
 	"net/http"
-	"path"
 	"strconv"
 	"time"

@ -389,10 +388,9 @@ func (handler *Handler) deployComposeStack(config *composeStackDeploymentConfig)
 		!isAdminOrEndpointAdmin {

 		for _, file := range append([]string{config.stack.EntryPoint}, config.stack.AdditionalFiles...) {
-			path := path.Join(config.stack.ProjectPath, file)
-			stackContent, err := handler.FileService.GetFileContent(path)
+			stackContent, err := handler.FileService.GetFileContent(config.stack.ProjectPath, file)
 			if err != nil {
-				return errors.Wrapf(err, "failed to get stack file content `%q`", path)
+				return errors.Wrapf(err, "failed to get stack file content `%q`", file)
 			}

 			err = handler.isValidStackFile(stackContent, securitySettings)
--- a/api/http/handler/stacks/create_swarm_stack.go
+++ b/api/http/handler/stacks/create_swarm_stack.go
@ -3,7 +3,6 @@ package stacks
 import (
 	"fmt"
 	"net/http"
-	"path"
 	"strconv"
 	"time"

@ -399,8 +398,7 @@ func (handler *Handler) deploySwarmStack(config *swarmStackDeploymentConfig) err

 	if !settings.AllowBindMountsForRegularUsers && !isAdminOrEndpointAdmin {
 		for _, file := range append([]string{config.stack.EntryPoint}, config.stack.AdditionalFiles...) {
-			path := path.Join(config.stack.ProjectPath, file)
-			stackContent, err := handler.FileService.GetFileContent(path)
+			stackContent, err := handler.FileService.GetFileContent(config.stack.ProjectPath, file)
 			if err != nil {
 				return errors.WithMessage(err, "failed to get stack file content")
 			}
--- a/api/http/handler/stacks/stack_delete.go
+++ b/api/http/handler/stacks/stack_delete.go
@ -6,7 +6,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
-	"path"
 	"strconv"

 	"github.com/pkg/errors"
@ -198,8 +197,8 @@ func (handler *Handler) deleteStack(userID portainer.UserID, stack *portainer.St
 			defer os.RemoveAll(tmpDir)

 			for _, fileName := range fileNames {
-				manifestFilePath := path.Join(tmpDir, fileName)
-				manifestContent, err := ioutil.ReadFile(path.Join(stack.ProjectPath, fileName))
+				manifestFilePath := filesystem.JoinPaths(tmpDir, fileName)
+				manifestContent, err := handler.FileService.GetFileContent(stack.ProjectPath, fileName)
 				if err != nil {
 					return errors.Wrap(err, "failed to read manifest file")
 				}
--- a/api/http/handler/stacks/stack_file.go
+++ b/api/http/handler/stacks/stack_file.go
@ -2,7 +2,6 @@ package stacks

 import (
 	"net/http"
-	"path"

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@ -82,7 +81,7 @@ func (handler *Handler) stackFile(w http.ResponseWriter, r *http.Request) *httpe
 		}
 	}

-	stackFileContent, err := handler.FileService.GetFileContent(path.Join(stack.ProjectPath, stack.EntryPoint))
+	stackFileContent, err := handler.FileService.GetFileContent(stack.ProjectPath, stack.EntryPoint)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve Compose file from disk", err}
 	}
--- a/api/http/handler/stacks/update_kubernetes_stack.go
+++ b/api/http/handler/stacks/update_kubernetes_stack.go
@ -5,7 +5,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
-	"path"
 	"strconv"

 	"github.com/asaskevich/govalidator"
@ -108,7 +107,7 @@ func (handler *Handler) updateKubernetesStack(r *http.Request, stack *portainer.
 	tempFileDir, _ := ioutil.TempDir("", "kub_file_content")
 	defer os.RemoveAll(tempFileDir)

-	if err := filesystem.WriteToFile(path.Join(tempFileDir, stack.EntryPoint), []byte(payload.StackFileContent)); err != nil {
+	if err := filesystem.WriteToFile(filesystem.JoinPaths(tempFileDir, stack.EntryPoint), []byte(payload.StackFileContent)); err != nil {
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Failed to persist deployment file in a temp directory", Err: err}
 	}