Skip to content

fix(fxconfig/validation): treat ".." only as a path component, not as…#225

Open
abhayrajjais01 wants to merge 1 commit into
hyperledger:mainfrom
abhayrajjais01:fix/fxconfig-validation-path-traversal-component-check
Open

fix(fxconfig/validation): treat ".." only as a path component, not as…#225
abhayrajjais01 wants to merge 1 commit into
hyperledger:mainfrom
abhayrajjais01:fix/fxconfig-validation-path-traversal-component-check

Conversation

@abhayrajjais01

Copy link
Copy Markdown

Type of change

  • Bug fix
  • Test update

Description

OSFileChecker and OSDirectoryChecker rejected any cleaned path containing the substring "..", which blocked valid paths whose file or directory names include two dots (for example names like foo..backup or config..yaml), not actual traversal

Change: Replace the substring check with a rule that only treats leading .. segments (whole path ".." or prefix ".." + filepath.Separator) as traversal, consistent with paths left by filepath.Clean

Tests: Extended tools/fxconfig/internal/validation/validator_test.go with cases for benign ..-in-name paths, regressions (.., ../…), and internal .. segments that Clean collapses

Additional details (Optional)

Suggested checks:
go test -race ./tools/fxconfig/internal/validation/...
(or go test -race ./tools/fxconfig/... including integration tests if you prefer a full sweep)

… a substring

Signed-off-by: abhayrajjais01 <abhayraj916146@gmail.com>
@abhayrajjais01

Copy link
Copy Markdown
Author

What was wrong?
fxconfig has checks that validate file paths and directory paths before doing things like loading certs or config.

Those checks tried to block path traversal (paths that sneak “upward” using .., like going outside the intended folder).

They did it in a clumsy way: “if the path string contains two dots (..), reject it.”

Why is that bad?
Lots of real, normal names accidentally contain . . together, without meaning “go up one folder”:

A backup folder named myproject..backup
A file named config..yaml
So the checker would say “path traversal not allowed” even when nothing dangerous was happening. Valid setups would be wrongly rejected.

What does the PR fix?
It narrows the rule:
Reject only real “go up” patterns (.. at the start of the path, like ../secret),
not every path that merely has . . somewhere in a name.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant