ahuston-0/hydra
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Helper/Nix: constructRunCommandLogPath: verify uuid is valid

Browse Source 
This shouldn't be possible normally, but it is possible to:

    $db->resultset('RunCommandLogs')->new({ uuid => "../etc/passwd" });

if you have access to the `$db`.
This commit is contained in:
Cole Helbling
2022-01-28 12:45:12 -08:00
parent e381751564
commit 61189ecca9
3 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/lib/Hydra/Controller/Root.pm
View File

@ -537,8 +537,10 @@ sub runcommandlog :Local :Args(1) {
die if defined $tail && $tail !~ /^[0-9]+$/;
my $runlog = $c->model('DB')->resultset('RunCommandLogs')->find({ uuid => $uuid });
my $logFile = constructRunCommandLogPath($runlog) or notFound($c, "RunCommandLog not found.");
my $runlog = $c->model('DB')->resultset('RunCommandLogs')->find({ uuid => $uuid })
or notFound($c, "The RunCommand log is not available.");
my $logFile = constructRunCommandLogPath($runlog);
if (-f $logFile) {
serveLogFile($c, $logFile, $tail);
return;