Guard against path traversal and leading '|'

jacobvosmaer · jacobvosmaer · commit 633b2aaa780a · 2014-12-09T15:36:52.000+01:00
This change adds some checks against path traversal ('..') and
accidentally shelling out (opening a file starting with '|').
diff --git a/lib/grit/git-ruby/repository.rb b/lib/grit/git-ruby/repository.rb
@@ -683,7 +683,9 @@ def self.create_initial_config(bare = false)
       end
 
       def self.add_file(name, contents)
-        File.open(name, 'w') do |f|
+        path = File.join(Dir.pwd, name)
+        raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+        File.open(path, 'w') do |f|
           f.write contents
         end
       end
diff --git a/lib/grit/git.rb b/lib/grit/git.rb
@@ -117,15 +117,19 @@ def shell_escape(str)
     #
     # Returns Boolean
     def fs_exist?(file)
-      File.exist?(File.join(self.git_dir, file))
+      path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+      File.exist?(path)
     end
 
     # Read a normal file from the filesystem.
     #   +file+ is the relative path from the Git dir
     #
     # Returns the String contents of the file
     def fs_read(file)
-      File.read(File.join(self.git_dir, file))
+      path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
+      File.read(path)
     end
 
     # Write a normal file to the filesystem.
@@ -135,6 +139,7 @@ def fs_read(file)
     # Returns nothing
     def fs_write(file, contents)
       path = File.join(self.git_dir, file)
+      raise "Invalid path: #{path}" unless File.absolute_path(path) == path
       FileUtils.mkdir_p(File.dirname(path))
       File.open(path, 'w') do |f|
         f.write(contents)
