From: Jacob Bachmeyer Date: Wed, 19 Oct 2022 01:58:28 +0000 (-0500) Subject: Tighten allowed file names X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=51736e1d99e11ed69023f93b5d64ea835d6fc1a0;p=gatekeeper.git Tighten allowed file names --- diff --git a/gatekeeper.pl b/gatekeeper.pl index 44e1c51..8549e82 100755 --- a/gatekeeper.pl +++ b/gatekeeper.pl @@ -450,10 +450,10 @@ require File::Spec::Unix; # ensure that File::Spec::Unix is loaded # note that loading File::Spec earlier almost certainly made this a no-op # regex matching an acceptable filename in "this" directory -# must begin with alphanumeric, underscore, or plus sign -# and contain only those characters, plus hyphen, dot, and tilde +# must begin with an alphanumeric character +# and contain only alphanumeric, underscore, plus sign, hyphen, dot, and tilde # note that an acceptable filename may not begin with dot, so ".." is out -my $RE_filename_here = qr/[[:alnum:]_+][-.[:alnum:]_+~]*/; +my $RE_filename_here = qr/[[:alnum:]][-.[:alnum:]_+~]*/; # regex matching an acceptable relative filename in POSIX syntax # all components must be acceptable filenames # empty components are not allowed diff --git a/testsuite/gatekeeper.all/00_idle.exp b/testsuite/gatekeeper.all/00_idle.exp index 8c47d73..4ed6d39 100644 --- a/testsuite/gatekeeper.all/00_idle.exp +++ b/testsuite/gatekeeper.all/00_idle.exp @@ -50,7 +50,7 @@ age_file [file join $tenv incoming bogus2] "2 minutes 15 seconds ago" age_file [file join $tenv incoming bogus3] "1 minute ago" foreach file { - _bogus +bogus __bogus _+bogus _-bogus _~bogus _.bogus + bo_gus bo+gus bo-gus bo~gus bo.gus } { put_file [file join $tenv incoming ${file}] "bogus file $file\n" age_file [file join $tenv incoming ${file}] "3 minutes ago" @@ -58,7 +58,7 @@ foreach file { # files which are to be rejected, ignored, and removed foreach file { - x=x .abcfoobar -abcfoobar x;x \\~xax x*x x:x x?x ;xax + x=x .abcfoobar -abcfoobar x;x \\~xax x*x x:x x?x ;xax _x +x } { put_file [file join $tenv incoming ${file}] "bogus input $file\n" age_file [file join $tenv incoming ${file}] "3 minutes ago" @@ -72,7 +72,7 @@ analyze_file_tree $tenv "idle processing: bogus files" { incoming } files { bogus1 bogus2 bogus3 - _bogus +bogus __bogus _+bogus _-bogus _~bogus _.bogus + bo_gus bo+gus bo-gus bo~gus bo.gus } analyze_file_tree $tenv "idle processing: bogus files" { in-stage stage pub archive @@ -87,13 +87,11 @@ analyze_log $tenv "idle processing: bogus files" { recent,bogus3 "skipped recent file: bogus3" - scan,_bogus "scan found file: _bogus" - scan,+bogus "scan found file: +bogus" - scan,__bogus "scan found file: __bogus" - scan,_+bogus "scan found file: _+bogus" - scan,_-bogus "scan found file: _-bogus" - scan,_~bogus "scan found file: _~bogus" - scan,_.bogus "scan found file: _.bogus" + scan,bo_gus "scan found file: bo_gus" + scan,bo+gus "scan found file: bo+gus" + scan,bo-gus "scan found file: bo-gus" + scan,bo~gus "scan found file: bo~gus" + scan,bo.gus "scan found file: bo.gus" !scan,x=x "ignored file: x=x" !scan,.abcfoobar "ignored file: .abcfoobar" @@ -104,6 +102,8 @@ analyze_log $tenv "idle processing: bogus files" { !scan,x:x "ignored file: x:x " !scan,x?x "ignored file: x?x" !scan,;xax "ignored file: ;xax" + !scan,_x "ignored file: _x" + !scan,+x "ignored file: +x" } analyze_no_mail $tenv "idle processing: bogus files"