remove verify_src_file
authorJoey Hess <joey@kitenet.net>
Wed, 21 Apr 2010 19:05:59 +0000 (15:05 -0400)
committerJoey Hess <joey@kitenet.net>
Wed, 21 Apr 2010 19:05:59 +0000 (15:05 -0400)
Splitting out this function bothered me. It is conceptially similar to
file_pruned, and yet also very specific to exactly the security needs of
find_src_files.

I liked that it got rid of duplicate code in the latter function. So
instead, put a helper sub in that, which I think allows refactoring
things more cleanly, and with less boilerplate.

As to the needs of gen_autofile, I'm not convinced this needs to handle
the same set of problems that verify_src_file did. So I sat down and
wrote a custom validator for autofiles, which turned out to seem to just
need three things: Make sure the candidate filename is not something
that would be pruned; untaint the candidate filename; and make sure that
srcdir doesn't already have something with its name. (Plus, of course,
all the other checks that were already in gen_autofile.)

(In passing, also fixed a bunch of bugs I had introduced in this branch.)

IkiWiki/Render.pm

index 03b2910fd2b3a95c4bec796317d6aaf621790f3a..14f6f9d5f8bf54682d43e79dd3cb632338a993cf 100644 (file)
@@ -281,68 +281,59 @@ sub srcdir_check () {
        
 }
 
        
 }
 
-sub verify_src_file ($$) {
-       my $file=shift;
-       my $dir=shift;
-
-       return if -l $file || -d _;
-       $file=~s/^\Q$dir\E\/?//;
-       return if ! length $file;
-       my $page = pagename($file);
-       if (! exists $pagesources{$page} &&
-               file_pruned($file)) {
-               return;
-       }
-
-       my ($file_untainted) = $file =~ /$config{wiki_file_regexp}/; # untaint
-       if (! defined $file_untainted) {
-               warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
-       }
-       return ($file_untainted, $page);
-}
-
 sub find_src_files () {
        my @files;
        my %pages;
        eval q{use File::Find};
        error($@) if $@;
 sub find_src_files () {
        my @files;
        my %pages;
        eval q{use File::Find};
        error($@) if $@;
-       find({
-               no_chdir => 1,
-               wanted => sub {
-                       my ($file, $page) = verify_src_file(decode_utf8($_), $config{srcdir});
-                       if (defined $file) {
-                               push @files, $file;
-                               if ($pages{$page}) {
-                                       debug(sprintf(gettext("%s has multiple possible source pages"), $page));
+
+       my ($page, $dir, $underlay);
+       my $helper=sub {
+               my $file=decode_utf8($_);
+
+               return if -l $file || -d _;
+               $file=~s/^\Q$dir\E\/?//;
+               return if ! length $file;
+               $page = pagename($file);
+               if (! exists $pagesources{$page} &&
+                   file_pruned($file)) {
+                       $File::Find::prune=1;
+                       return;
+               }
+
+               my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
+               if (! defined $f) {
+                       warn(sprintf(gettext("skipping bad filename %s"), $file)."\n");
+               }
+       
+               if ($underlay) {
+                       # avoid underlaydir override attacks; see security.mdwn
+                       if (! -l "$config{srcdir}/$f" && ! -e _) {
+                               if (! $pages{$page}) {
+                                       push @files, $f;
+                                       $pages{$page}=1;
                                }
                                }
-                               $pages{$page}=1;
                        }
                        }
-                       else {
-                               $File::Find::prune=1;
+               }
+               else {
+                       push @files, $f;
+                       if ($pages{$page}) {
+                               debug(sprintf(gettext("%s has multiple possible source pages"), $page));
                        }
                        }
-               },
-       }, $config{srcdir});
-       foreach my $dir (@{$config{underlaydirs}}, $config{underlaydir}) {
+                       $pages{$page}=1;
+               }
+       };
+
+       find({
+               no_chdir => 1,
+               wanted => $helper,
+       }, $dir=$config{srcdir});
+       $underlay=1;
+       foreach (@{$config{underlaydirs}}, $config{underlaydir}) {
                find({
                        no_chdir => 1,
                find({
                        no_chdir => 1,
-                       wanted => sub {
-                               my ($file, $page) = verify_src_file(decode_utf8($_), $dir);
-                               if (defined $file) {
-                                       # avoid underlaydir override
-                                       # attacks; see security.mdwn
-                                       if (! -l "$config{srcdir}/$file" &&
-                                           ! -e _) {
-                                               if (! $pages{$page}) {
-                                                       push @files, $file;
-                                                       $pages{$page}=1;
-                                               }
-                                       }
-                               }
-                               else {
-                                       $File::Find::prune=1;
-                               }
-                       },
-               }, $dir);
+                       wanted => $helper,
+               }, $dir=$_);
        };
        return \@files, \%pages;
 }
        };
        return \@files, \%pages;
 }
@@ -691,24 +682,28 @@ sub gen_autofile ($$$) {
        my $pages=shift;
        my $del=shift;
        
        my $pages=shift;
        my $del=shift;
        
-       if (srcfile($autofile, 1)) {
-               return 0;
+       if (srcfile($autofile, 1) || file_pruned($autofile)) {
+               return;
        }
        }
-
-       my ($file, $page) = verify_src_file("$config{srcdir}/$autofile", $config{srcdir});
        
        
+       my $file="$config{srcdir}/$autofile" =~ /$config{wiki_file_regexp}/; # untaint
+       if (! defined $file || -l $file || -d _ || -e _) {
+               return;
+       }
+
        if ((!defined $file) ||
            (exists $wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted})) {
        if ((!defined $file) ||
            (exists $wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted})) {
-               return 0;
+               return;
        }
        
        }
        
+       my $page = pagename($file);
        if ($pages->{$page}) {
        if ($pages->{$page}) {
-               return 0;
+               return;
        }
 
        if (grep { $_ eq $file } @$del) {
        }
 
        if (grep { $_ eq $file } @$del) {
-               $wikistate{$autofiles{$autofile}{generator}}{autofile_deleted}=1;
-               return 0;
+               $wikistate{$autofiles{$autofile}{plugin}}{autofile_deleted}=1;
+               return;
        }
 
        $autofiles{$autofile}{generator}->();
        }
 
        $autofiles{$autofile}{generator}->();