File::Spec strict mode - path components are just single components

[p5pRT]

Migrated from rt.perl.org#40680 (status was 'open')

Searchable as RT40680$

[p5pRT]

From @epa

Created by @epa

The documentation of File​::Spec->catfile() says that it concatenates one or more directory names and a filename. But in fact it doesn't do much checking that what you passed it are individual path components; the 'filename' could itself be a path like a/b.

This could often be useful\, but on the other hand if you're intending to work with individual path components it would be nice to have a check that you really are supplying them. So if you call catfile('some_dir'\, $filename) you can be certain that you'll get back a file underneath some_dir - not a subdirectory several levels deep\, or outside some_dir altogether. This would be particularly useful when dealing with untrusted user input.

  use File​::Spec;   print File​::Spec->catfile('a'\, 'b'\, '../../../x');

In 'strict' mode this would throw an exception\, as would

  print File​::Spec->catfile('a'\, '/b'\, 'x');

or other cases where any of the arguments aren't atomic path components.

I'll be happy to write a patch for this if you agree with the principle.

Perl Info

``` Flags: category=utilities severity=wishlist Site configuration information for perl v5.8.7: Configured by gerrit at Fri Dec 30 02:40:15 2005. Summary of my perl5 (revision 5 version 8 subversion 7) configuration: Platform: osname=cygwin, osvers=1.5.18(0.13242), archname=cygwin-thread-multi-64int uname='cygwin_nt-5.1 inspiron 1.5.18(0.13242) 2005-07-02 20:30 i686 unknown unknown cygwin ' config_args='-de -Dmksymlinks -Duse64bitint -Dusethreads -Uusemymalloc -Doptimize=-O3 -Dman3ext=3pm -Dusesitecustomize' hint=recommended, useposix=true, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=define use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='gcc', ccflags ='-DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -I/usr/local/include', optimize='-O3', cppflags='-DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -I/usr/local/include' ccversion='', gccversion='3.4.4 (cygming special) (gdc 0.12, using dmd 0.125)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='ld2', ldflags =' -s -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lgdbm -ldb -lcrypt -lgdbm_compat perllibs=-lcrypt -lgdbm_compat libc=/usr/lib/libc.a, so=dll, useshrplib=true, libperl=libperl.a gnulibc_version='' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' -s' cccdlflags=' ', lddlflags=' -s -L/usr/local/lib' Locally applied patches: SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962 @INC for perl v5.8.7: /cygdrive/h/lib/perl5/site_perl/5.8/cygwin /cygdrive/h/lib/perl5/site_perl/5.8 /usr/lib/perl5/5.8/cygwin /usr/lib/perl5/5.8 /usr/lib/perl5/site_perl/5.8/cygwin /usr/lib/perl5/site_perl/5.8 /usr/lib/perl5/site_perl/5.8/cygwin /usr/lib/perl5/site_perl/5.8 /usr/lib/perl5/vendor_perl/5.8/cygwin /usr/lib/perl5/vendor_perl/5.8 /usr/lib/perl5/vendor_perl/5.8/cygwin /usr/lib/perl5/vendor_perl/5.8 . Environment for perl v5.8.7: HOME=//wcl-fp1/users/eavis LANG=C LANGUAGE (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/usr/bin:/usr/bin:/usr/X11R6/bin:/cygdrive/c/Program Files/Insightful/splus70/:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINDOWS/System32/Wbem:/cygdrive/c/Program Files/Microsoft SQL Server/80/Tools/BINN:/cygdrive/h/winnt/gtk/bin:/cygdrive/c/blp/API:/cygdrive/h/winnt/bin:/cygdrive/h/bin:/usr/bin:/usr/bin:/usr/X11R6/bin:/cygdrive/c/Program Files/Insightful/splus70/:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINDOWS/System32/Wbem:/cygdrive/c/Program Files/Microsoft SQL Server/80/Tools/BINN:/cygdrive/h/winnt/gtk/bin:/cygdrive/c/blp/API PERL5LIB=/cygdrive/h/lib/perl5/site_perl/5.8 PERL_BADLANG (unset) SHELL (unset) ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ```

[p5pRT]

From @epa

Created by @epa

The documentation of File​::Spec->catfile() says that it concatenates one or more directory names and a filename. But in fact it doesn't do much checking that what you passed it are individual path components; the 'filename' could itself be a path like a/b.

This could often be useful\, but on the other hand if you're intending to work with individual path components it would be nice to have a check that you really are supplying them. So if you call catfile('some_dir'\, $filename) you can be certain that you'll get back a file underneath some_dir - not a subdirectory several levels deep\, or outside some_dir altogether. This would be particularly useful when dealing with untrusted user input.

  use File​::Spec;   print File​::Spec->catfile('a'\, 'b'\, '../../../x');

In 'strict' mode this would throw an exception\, as would

  print File​::Spec->catfile('a'\, '/b'\, 'x');

or other cases where any of the arguments aren't atomic path components.

I'll be happy to write a patch for this if you agree with the principle.

Perl Info

``` Flags: category=utilities severity=wishlist Site configuration information for perl v5.8.7: Configured by gerrit at Fri Dec 30 02:40:15 2005. Summary of my perl5 (revision 5 version 8 subversion 7) configuration: Platform: osname=cygwin, osvers=1.5.18(0.13242), archname=cygwin-thread-multi-64int uname='cygwin_nt-5.1 inspiron 1.5.18(0.13242) 2005-07-02 20:30 i686 unknown unknown cygwin ' config_args='-de -Dmksymlinks -Duse64bitint -Dusethreads -Uusemymalloc -Doptimize=-O3 -Dman3ext=3pm -Dusesitecustomize' hint=recommended, useposix=true, d_sigaction=define usethreads=define use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=define use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='gcc', ccflags ='-DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -I/usr/local/include', optimize='-O3', cppflags='-DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -I/usr/local/include' ccversion='', gccversion='3.4.4 (cygming special) (gdc 0.12, using dmd 0.125)', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='ld2', ldflags =' -s -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lgdbm -ldb -lcrypt -lgdbm_compat perllibs=-lcrypt -lgdbm_compat libc=/usr/lib/libc.a, so=dll, useshrplib=true, libperl=libperl.a gnulibc_version='' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' -s' cccdlflags=' ', lddlflags=' -s -L/usr/local/lib' Locally applied patches: SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962 @INC for perl v5.8.7: /cygdrive/h/lib/perl5/site_perl/5.8/cygwin /cygdrive/h/lib/perl5/site_perl/5.8 /usr/lib/perl5/5.8/cygwin /usr/lib/perl5/5.8 /usr/lib/perl5/site_perl/5.8/cygwin /usr/lib/perl5/site_perl/5.8 /usr/lib/perl5/site_perl/5.8/cygwin /usr/lib/perl5/site_perl/5.8 /usr/lib/perl5/vendor_perl/5.8/cygwin /usr/lib/perl5/vendor_perl/5.8 /usr/lib/perl5/vendor_perl/5.8/cygwin /usr/lib/perl5/vendor_perl/5.8 . Environment for perl v5.8.7: HOME=//wcl-fp1/users/eavis LANG=C LANGUAGE (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/usr/bin:/usr/bin:/usr/X11R6/bin:/cygdrive/c/Program Files/Insightful/splus70/:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINDOWS/System32/Wbem:/cygdrive/c/Program Files/Microsoft SQL Server/80/Tools/BINN:/cygdrive/h/winnt/gtk/bin:/cygdrive/c/blp/API:/cygdrive/h/winnt/bin:/cygdrive/h/bin:/usr/bin:/usr/bin:/usr/X11R6/bin:/cygdrive/c/Program Files/Insightful/splus70/:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINDOWS/System32/Wbem:/cygdrive/c/Program Files/Microsoft SQL Server/80/Tools/BINN:/cygdrive/h/winnt/gtk/bin:/cygdrive/c/blp/API PERL5LIB=/cygdrive/h/lib/perl5/site_perl/5.8 PERL_BADLANG (unset) SHELL (unset) ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
k�k-z��k+���Z��&N牺]|ם:߽�Ӥ^���=�a�ׯz��J�u�ܢ`ޖ+ޭ�S��iz�y��ei�z�^��&E�����f��n��H���u���w�Š���n�m4�^t�~��MyǢ��_����ƥ��-BΕ��u�ޖ�)z�(�]��M[�ZjXh��"��L�|&�v�N��N��M4��z+�v���]������$y��jX��_ �]�ӭyӭ��M4]*Z�+Z�� ����+z����|�׬��@`D���� 8��,�E]*Z�(^r@r���u�ޖ�)z�(��z+�u#ŝ뭭�q�ׯzZ(��ܢihq�i�X���z+�u���V��ׯzZ(��ܢa�,�uu�ޖ�)z�(����]��^�o)Z�^��h���r���ɭ�����"��L��{_ �]�ӭ<ӭ�ӽ4E�����f��n��ȧ��u���ݶ�_ �]�ӭyӭ��M4 �b���u:)z�[� ^�Z+��z+�v���]�߭"��$y��jX��_ �]�ӭyӭ��M4E����H�ij�1�ׯzZ(��ܢihq�i�X���z+�u����rƶ�jw(�q:�rƶ�jw(�_x��{�M�V��ׯzZ(��ܢj��kiw�6���#=;���n�m4�O4�^��MyǢ��_���y�(���jw(�_x��{����ܱ��Z��&�&���bwM[��:k���^�{]]o���M4ٽ�o��;���n�m4�^��M��]4E����~�&�M��M���0�jn���jw(�]6ߝ6����뤭�Z��&��[�+���u�+a#>'P �����^�V����N������M:׭6�ϴ�M
I3�Ơx�����/{ӭ8�[���Z��& �^N������M:׭9㟴�M����������ޅ�����jw(�K�����w^���w^t�h�v�,�m4�Nu��W��*'�D����n�)z�h��n7��,"��f�ۥy��{e�G�����اz�趋r���{^�����^��镨�r���n�������h��B�{^���j{z�'r�b�ڱ��\�0�+���z�W4 ��؟��u]X����y�t(^rG�]X����y�t(^rG�\�]J�� ���jl]z�^��&\�]J��J֭��h�+l��ު��y�4��-�-40����N4�]4E����~�&�M��M���0�jn���jw(�]6ߝ6����뤭�Z��&��[�+���u�+a#>'J 7��_��^�V����Y�u����M:�M����M
I3�Ơx����`�ӭ4�ۤ��Z��& �^Y�u����M:�N5�O��M����������ޅ�����jw(�K�����w^���w^t�h�v�,�m4�Nu��W��*'�D����n�)z�h��n7��,"��f�ۥy��{e�G�����اz�趋r���{^�����^��镨�r���n�������h��B�{^���j{z�'r�b�ڱ��\�0�+���z�W4 ��؟��u]X����y�t(^rG�]X����y�t(^rG�\�]J�� ���jl]z�^��&\�]J��J֭��h�+l��ު��y�4��-�-40����N4

[p5pRT]

From guest@guest.guest.xxxxxxxx

The documentation of File​::Spec->catfile() says that it concatenates one or more directory names and a filename. But in fact it doesn't do much checking that what you passed it are individual path components; the 'filename' could itself be a path like a/b.

This could often be useful\, but on the other hand if you're intending to work with individual path components it would be nice to have a check that you really are supplying them. So if you call catfile('some_dir'\, $filename) you can be certain that you'll get back a file underneath some_dir - not a subdirectory several levels deep\, or outside some_dir altogether. This would be particularly useful when dealing with untrusted user input.

  use File​::Spec;   print File​::Spec->catfile('a'\, 'b'\, '../../../x');

In 'strict' mode this would throw an exception\, as would

  print File​::Spec->catfile('a'\, '/b'\, 'x');

or other cases where any of the arguments aren't atomic path components.

I'll be happy to write a patch for this if you agree with the principle.

[p5pRT]

The RT System itself - Status changed from 'new' to 'open'