[#3906] Fix root-file handling

Added changelog delta src/lib/util/filesystem.cc PathChecker::validatePath() - catch root-file src/lib/util/tests/filesystem_unittests.cc TEST_F(PathCheckerTest, validatePathEnforcePath) TEST_F(PathCheckerTest, validatePathEnforcePathFalse) - added test cases
2025-08-22 01:49:48 +00:00 · 2025-05-23 15:51:11 -04:00 · 2025-05-23 15:51:11 -04:00 · bad7240b90
commit bad7240b90
parent 5e29f8322d
3 changed files with 26 additions and 3 deletions
--- a/changelog_unreleased/3906-path-validation-should-reject-root-slash-file
+++ b/changelog_unreleased/3906-path-validation-should-reject-root-slash-file
@ -0,0 +1,7 @@
+[bug]		tmark
+	Fixed an issue in path validation where
+	the opening slash in a root-file path such
+	as "/myfile.log" is discarded causing the server
+	to prepend the supported path to the file name
+	rather than reject the entry.
+	(Gitlab #3906)
--- a/src/lib/util/filesystem.cc
+++ b/src/lib/util/filesystem.cc
@ -282,16 +282,18 @@ PathChecker::validatePath(const std::string input_path_str,
    }

    auto parent_path = input_path.parentPath();
-    if (!parent_path.empty()) {
+    auto parent_dir = input_path.parentDirectory();
+    if (!parent_dir.empty()) {
        if (!enforce_path) {
            // Security set to lax, let it fly.
            return (input_path_str);
        }

        // We only allow absolute path equal to default. Catch an invalid path.
-        if (parent_path != path_) {
+        if ((parent_path != path_) || (parent_dir == "/")) {
            isc_throw(BadValue, "invalid path specified: '"
-                      << parent_path << "', supported path is '"
+                      << (parent_path.empty() ? "/" : parent_path)
+                      << "', supported path is '"
                      << path_ << "'");
        }
    }
--- a/src/lib/util/tests/filesystem_unittests.cc
+++ b/src/lib/util/tests/filesystem_unittests.cc
@ -308,6 +308,13 @@ TEST_F(PathCheckerTest, validatePathEnforcePath) {
    };

    std::list<Scenario> scenarios = {
+    {
+        // Invalid root parent path.
+        __LINE__,
+        "/mylib.so",
+        "",
+        string("invalid path specified: '/', supported path is '" + def_path + "'")
+    },
    {
        // Invalid parent path.
        __LINE__,
@ -383,6 +390,13 @@ TEST_F(PathCheckerTest, validatePathEnforcePathFalse) {
    };

    std::list<Scenario> scenarios = {
+    {
+        // Invalid root parent path.
+        __LINE__,
+        "/mylib.so",
+        "/mylib.so",
+        "",
+    },
    {
        // Invalid parent path but shouldn't care.
        __LINE__,