| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 |
- # Test that path traversal attacks are blocked during file(ARCHIVE_EXTRACT)
- set(EXTRACT_DIR "${CMAKE_CURRENT_BINARY_DIR}/extract_dir")
- set(PARENT_DIR "${CMAKE_CURRENT_BINARY_DIR}")
- set(MALICIOUS_FILE "${PARENT_DIR}/SHOULD_NOT_EXIST.txt")
- # Clean up
- file(REMOVE_RECURSE "${EXTRACT_DIR}")
- file(REMOVE "${MALICIOUS_FILE}")
- file(MAKE_DIRECTORY "${EXTRACT_DIR}")
- # Create a malicious tar archive using Python
- # The archive contains a file with path "../SHOULD_NOT_EXIST.txt"
- set(MALICIOUS_TAR "${CMAKE_CURRENT_BINARY_DIR}/malicious.tar")
- file(REMOVE "${MALICIOUS_TAR}")
- execute_process(
- COMMAND "${Python_EXECUTABLE}" -c [==[
- import sys
- import tarfile
- import io
- # Create a tar archive in memory
- tar_data = io.BytesIO()
- with tarfile.open(fileobj=tar_data, mode='w') as tar:
- # Add a file with path traversal
- data = b'malicious content'
- info = tarfile.TarInfo(name='../SHOULD_NOT_EXIST.txt')
- info.size = len(data)
- tar.addfile(info, io.BytesIO(data))
- # Write to file
- with open(sys.argv[1], 'wb') as f:
- f.write(tar_data.getvalue())
- ]==] "${MALICIOUS_TAR}"
- RESULT_VARIABLE result
- )
- if(NOT result EQUAL 0)
- message(FATAL_ERROR "Failed to create malicious tar archive")
- endif()
- # Try to extract the malicious archive using file(ARCHIVE_EXTRACT)
- file(ARCHIVE_EXTRACT
- INPUT "${MALICIOUS_TAR}"
- DESTINATION "${EXTRACT_DIR}"
- )
- # The file should not exist outside the extraction directory
- if(EXISTS "${MALICIOUS_FILE}")
- message(FATAL_ERROR "PATH TRAVERSAL VULNERABILITY: File was created outside extraction directory!")
- endif()
|
