begelundmuller
commented
2 weeks ago Hello @paul-tharun, you are right that the .../files/entry API can be used to retrieve any file on the local file system. You would likely be able to achieve a similar effect by creating a model that uses DuckDB SQL to query an arbitrary file path on the local machine.
When running rill start on your local computer, we have a CORS policy in place preventing other websites open in your browser from exploiting these endpoints, but apart from that, we rely on the security of your local computer to guard against abuse from external clients. This is certainly not perfect, but similar to other local developer tools that expose capabilities on localhost.
When it comes to self-hosting Rill on a server exposed to the public internet, that is unfortunately not something we officially support or recommend at the moment (even though it is possible and some people do it, usually behind a proxy that does authentication). For deploying Rill projects, we recommend using Rill Cloud (see the docs for deployment instructions), which has various layers of protection that guard against these kinds of security issues.
Describe the bug The path in
/v1/instances/{instance-id}/files/entry?path=is not escaped properly leading to arbitrary read of any text file on the server .To Reproduce Steps to reproduce the behavior:
/v1/instances/{instance-id}/files/entry?path=../../../../../../../../../etc/passwdresponds back with the contents of the/etc/passwdfileExpected behavior User should only have access to their directory, should not be able to read other files on the server.
Additional context The source of the bug is https://github.com/rilldata/rill/blob/00d9dc7410fdc8550b2a2245fd94ee1b3040d2f3/runtime/drivers/file/repo.go#L74-L86C9 , I can pick it up and open a PR is it is alright .