Skip to content

Commit

Permalink
Don't panic on invalid security whitelist regexp
Browse files Browse the repository at this point in the history
Fixes #11176
  • Loading branch information
bep committed Jun 28, 2023
1 parent fa0e16f commit 7f698c8
Show file tree
Hide file tree
Showing 7 changed files with 39 additions and 21 deletions.
12 changes: 6 additions & 6 deletions config/security/securityConfig.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,22 +34,22 @@ const securityConfigKey = "security"
// DefaultConfig holds the default security policy.
var DefaultConfig = Config{
Exec: Exec{
Allow: NewWhitelist(
Allow: MustNewWhitelist(
"^(dart-)?sass(-embedded)?$", // sass, dart-sass, dart-sass-embedded.
"^go$", // for Go Modules
"^npx$", // used by all Node tools (Babel, PostCSS).
"^postcss$",
),
// These have been tested to work with Hugo's external programs
// on Windows, Linux and MacOS.
OsEnv: NewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+)$`),
OsEnv: MustNewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+)$`),
},
Funcs: Funcs{
Getenv: NewWhitelist("^HUGO_", "^CI$"),
Getenv: MustNewWhitelist("^HUGO_", "^CI$"),
},
HTTP: HTTP{
URLs: NewWhitelist(".*"),
Methods: NewWhitelist("(?i)GET|POST"),
URLs: MustNewWhitelist(".*"),
Methods: MustNewWhitelist("(?i)GET|POST"),
},
}

Expand Down Expand Up @@ -221,7 +221,7 @@ func stringSliceToWhitelistHook() mapstructure.DecodeHookFuncType {

wl := types.ToStringSlicePreserveString(data)

return NewWhitelist(wl...), nil
return NewWhitelist(wl...)

}
}
Expand Down
23 changes: 18 additions & 5 deletions config/security/whitelist.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,9 @@ func (w Whitelist) MarshalJSON() ([]byte, error) {
// NewWhitelist creates a new Whitelist from zero or more patterns.
// An empty patterns list or a pattern with the value 'none' will create
// a whitelist that will Accept none.
func NewWhitelist(patterns ...string) Whitelist {
func NewWhitelist(patterns ...string) (Whitelist, error) {
if len(patterns) == 0 {
return Whitelist{acceptNone: true}
return Whitelist{acceptNone: true}, nil
}

var acceptSome bool
Expand All @@ -68,7 +68,7 @@ func NewWhitelist(patterns ...string) Whitelist {
if !acceptSome {
return Whitelist{
acceptNone: true,
}
}, nil
}

var patternsr []*regexp.Regexp
Expand All @@ -78,10 +78,23 @@ func NewWhitelist(patterns ...string) Whitelist {
if p == "" {
continue
}
patternsr = append(patternsr, regexp.MustCompile(p))
re, err := regexp.Compile(p)
if err != nil {
return Whitelist{}, fmt.Errorf("failed to compile whitelist pattern %q: %w", p, err)
}
patternsr = append(patternsr, re)
}

return Whitelist{patterns: patternsr, patternsStrings: patternsStrings}
return Whitelist{patterns: patternsr, patternsStrings: patternsStrings}, nil
}

// MustNewWhitelist creates a new Whitelist from zero or more patterns and panics on error.
func MustNewWhitelist(patterns ...string) Whitelist {
w, err := NewWhitelist(patterns...)
if err != nil {
panic(err)
}
return w
}

// Accept reports whether name is whitelisted.
Expand Down
12 changes: 6 additions & 6 deletions config/security/whitelist_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,21 +24,21 @@ func TestWhitelist(t *testing.T) {
c := qt.New(t)

c.Run("none", func(c *qt.C) {
c.Assert(NewWhitelist("none", "foo").Accept("foo"), qt.IsFalse)
c.Assert(NewWhitelist().Accept("foo"), qt.IsFalse)
c.Assert(NewWhitelist("").Accept("foo"), qt.IsFalse)
c.Assert(NewWhitelist(" ", " ").Accept("foo"), qt.IsFalse)
c.Assert(MustNewWhitelist("none", "foo").Accept("foo"), qt.IsFalse)
c.Assert(MustNewWhitelist().Accept("foo"), qt.IsFalse)
c.Assert(MustNewWhitelist("").Accept("foo"), qt.IsFalse)
c.Assert(MustNewWhitelist(" ", " ").Accept("foo"), qt.IsFalse)
c.Assert(Whitelist{}.Accept("foo"), qt.IsFalse)
})

c.Run("One", func(c *qt.C) {
w := NewWhitelist("^foo.*")
w := MustNewWhitelist("^foo.*")
c.Assert(w.Accept("foo"), qt.IsTrue)
c.Assert(w.Accept("mfoo"), qt.IsFalse)
})

c.Run("Multiple", func(c *qt.C) {
w := NewWhitelist("^foo.*", "^bar.*")
w := MustNewWhitelist("^foo.*", "^bar.*")
c.Assert(w.Accept("foo"), qt.IsTrue)
c.Assert(w.Accept("bar"), qt.IsTrue)
c.Assert(w.Accept("mbar"), qt.IsFalse)
Expand Down
3 changes: 2 additions & 1 deletion hugolib/integrationtest_builder.go
Original file line number Diff line number Diff line change
Expand Up @@ -381,7 +381,8 @@ func (s *IntegrationTestBuilder) initBuilder() error {
s.Assert(os.Chdir(s.Cfg.WorkingDir), qt.IsNil)
s.C.Cleanup(func() { os.Chdir(wd) })
sc := security.DefaultConfig
sc.Exec.Allow = security.NewWhitelist("npm")
sc.Exec.Allow, err = security.NewWhitelist("npm")
s.Assert(err, qt.IsNil)
ex := hexec.New(sc)
command, err := ex.New("npm", "install")
s.Assert(err, qt.IsNil)
Expand Down
4 changes: 3 additions & 1 deletion hugolib/testhelpers_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -834,7 +834,9 @@ func (s *sitesBuilder) GetPageRel(p page.Page, ref string) page.Page {

func (s *sitesBuilder) NpmInstall() hexec.Runner {
sc := security.DefaultConfig
sc.Exec.Allow = security.NewWhitelist("npm")
var err error
sc.Exec.Allow, err = security.NewWhitelist("npm")
s.Assert(err, qt.IsNil)
ex := hexec.New(sc)
command, err := ex.New("npm", "install")
s.Assert(err, qt.IsNil)
Expand Down
4 changes: 3 additions & 1 deletion markup/pandoc/convert_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,9 @@ func TestConvert(t *testing.T) {
}
c := qt.New(t)
sc := security.DefaultConfig
sc.Exec.Allow = security.NewWhitelist("pandoc")
var err error
sc.Exec.Allow, err = security.NewWhitelist("pandoc")
c.Assert(err, qt.IsNil)
p, err := Provider.New(converter.ProviderConfig{Exec: hexec.New(sc), Logger: loggers.NewDefault()})
c.Assert(err, qt.IsNil)
conv, err := p.New(converter.DocumentContext{})
Expand Down
2 changes: 1 addition & 1 deletion markup/rst/convert_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ func TestConvert(t *testing.T) {
}
c := qt.New(t)
sc := security.DefaultConfig
sc.Exec.Allow = security.NewWhitelist("rst", "python")
sc.Exec.Allow = security.MustNewWhitelist("rst", "python")

p, err := Provider.New(
converter.ProviderConfig{
Expand Down

0 comments on commit 7f698c8

Please sign in to comment.