Plugins: Improved handling of symlinks (#51324) (#51431)

Improves how we handle symlinks in plugin management. (cherry picked from commit 04df634ef5) Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2022-06-27 06:41:51 -04:00
parent e037f7ace7
commit 504ecbd4f9
3 changed files with 43 additions and 15 deletions
--- a/pkg/plugins/manager/installer/installer.go
+++ b/pkg/plugins/manager/installer/installer.go
@@ -620,7 +620,7 @@ func isSymlinkRelativeTo(basePath string, symlinkDestPath string, symlinkOrigPat
 			return false
 		}

-		if strings.HasPrefix(p, ".."+string(filepath.Separator)) {
+		if p == ".." || strings.HasPrefix(p, ".."+string(filepath.Separator)) {
 			return false
 		}
 	}
--- a/pkg/plugins/manager/installer/installer_test.go
+++ b/pkg/plugins/manager/installer/installer_test.go
@@ -280,6 +280,34 @@ func TestIsSymlinkRelativeTo(t *testing.T) {
 			symlinkOrigPath: "/dir/sub-dir/test1.txt",
 			expected:        false,
 		},
+		{
+			desc:            "Symbolic link pointing to relative file outside basePath should return false",
+			basePath:        "/dir",
+			symlinkDestPath: "../../",
+			symlinkOrigPath: "/dir/sub-sir/symlink.txt",
+			expected:        false,
+		},
+		{
+			desc:            "Symbolic link pointing to relative file outside basePath should return false",
+			basePath:        "/dir",
+			symlinkDestPath: "../..",
+			symlinkOrigPath: "/dir/sub-sir/symlink.txt",
+			expected:        false,
+		},
+		{
+			desc:            "Symbolic link pointing to relative file outside basePath should return false",
+			basePath:        "/dir",
+			symlinkDestPath: "../../",
+			symlinkOrigPath: "/dir/sub-sir/",
+			expected:        false,
+		},
+		{
+			desc:            "Symbolic link pointing to relative file outside basePath should return false",
+			basePath:        "/dir",
+			symlinkDestPath: "../..",
+			symlinkOrigPath: "/dir/sub-sir/",
+			expected:        false,
+		},
 	}

 	for _, tc := range tcs {
--- a/pkg/plugins/manager/signature/manifest.go
+++ b/pkg/plugins/manager/signature/manifest.go
@@ -109,6 +109,14 @@ func Calculate(mlog log.Logger, plugin *plugins.Plugin) (plugins.Signature, erro
 		}, nil
 	}

+	pluginFiles, err := pluginFilesRequiringVerification(plugin)
+	if err != nil {
+		mlog.Warn("Could not collect plugin file information in directory", "pluginID", plugin.ID, "dir", plugin.PluginDir)
+		return plugins.Signature{
+			Status: plugins.SignatureInvalid,
+		}, err
+	}
+
 	manifestPath := filepath.Join(plugin.PluginDir, "MANIFEST.txt")

 	// nolint:gosec
@@ -184,14 +192,6 @@ func Calculate(mlog log.Logger, plugin *plugins.Plugin) (plugins.Signature, erro
 	}

 	if manifest.isV2() {
-		pluginFiles, err := pluginFilesRequiringVerification(plugin)
-		if err != nil {
-			mlog.Warn("Could not collect plugin file information in directory", "pluginID", plugin.ID, "dir", plugin.PluginDir)
-			return plugins.Signature{
-				Status: plugins.SignatureInvalid,
-			}, err
-		}
-
 		// Track files missing from the manifest
 		var unsignedFiles []string
 		for _, f := range pluginFiles {
@@ -264,19 +264,19 @@ func pluginFilesRequiringVerification(plugin *plugins.Plugin) ([]string, error)
 				return err
 			}

-			// skip symlink directories
-			if symlink.IsDir() {
-				return nil
-			}
-
 			// verify that symlinked file is within plugin directory
 			p, err := filepath.Rel(plugin.PluginDir, symlinkPath)
 			if err != nil {
 				return err
 			}
-			if strings.HasPrefix(p, ".."+string(filepath.Separator)) {
+			if p == ".." || strings.HasPrefix(p, ".."+string(filepath.Separator)) {
 				return fmt.Errorf("file '%s' not inside of plugin directory", p)
 			}
+
+			// skip adding symlinked directories
+			if symlink.IsDir() {
+				return nil
+			}
 		}

 		// skip directories and MANIFEST.txt