lib,src,permission: port path.resolve to C++

Co-Authored-By: Carlos Espa <cespatorres@gmail.com>
PR-URL: #50758
Refs: nodejs/security-wg#898
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Claudio Wunder <cwunder@gnome.org>

Author: 2 people

node.gyp

@@ -142,6 +142,7 @@
       'src/node_watchdog.cc',
       'src/node_worker.cc',
       'src/node_zlib.cc',
+      'src/path.cc',
       'src/permission/child_process_permission.cc',
       'src/permission/fs_permission.cc',
       'src/permission/inspector_permission.cc',
@@ -262,6 +263,7 @@
       'src/node_wasi.h',
       'src/node_watchdog.h',
       'src/node_worker.h',
+      'src/path.h',
       'src/permission/child_process_permission.h',
       'src/permission/fs_permission.h',
       'src/permission/inspector_permission.h',

src/env.cc

@@ -898,21 +898,25 @@ Environment::Environment(IsolateData* isolate_data,
       options_->allow_native_addons = false;
     }
     flags_ = flags_ | EnvironmentFlags::kNoCreateInspector;
-    permission()->Apply({"*"}, permission::PermissionScope::kInspector);
+    permission()->Apply(this, {"*"}, permission::PermissionScope::kInspector);
     if (!options_->allow_child_process) {
-      permission()->Apply({"*"}, permission::PermissionScope::kChildProcess);
+      permission()->Apply(
+          this, {"*"}, permission::PermissionScope::kChildProcess);
     }
     if (!options_->allow_worker_threads) {
-      permission()->Apply({"*"}, permission::PermissionScope::kWorkerThreads);
+      permission()->Apply(
+          this, {"*"}, permission::PermissionScope::kWorkerThreads);
     }
 
     if (!options_->allow_fs_read.empty()) {
-      permission()->Apply(options_->allow_fs_read,
+      permission()->Apply(this,
+                          options_->allow_fs_read,
                           permission::PermissionScope::kFileSystemRead);
     }
 
     if (!options_->allow_fs_write.empty()) {
-      permission()->Apply(options_->allow_fs_write,
+      permission()->Apply(this,
+                          options_->allow_fs_write,
                           permission::PermissionScope::kFileSystemWrite);
     }
   }

src/path.cc

@@ -0,0 +1,272 @@
+#include "path.h"
+#include <string>
+#include <vector>
+#include "env-inl.h"
+#include "node_internals.h"
+#include "util.h"
+
+namespace node {
+
+#ifdef _WIN32
+bool IsPathSeparator(const char c) noexcept {
+  return c == kPathSeparator || c == '/';
+}
+#else   // POSIX
+bool IsPathSeparator(const char c) noexcept {
+  return c == kPathSeparator;
+}
+#endif  // _WIN32
+
+std::string NormalizeString(const std::string_view path,
+                            bool allowAboveRoot,
+                            const std::string_view separator) {
+  std::string res;
+  int lastSegmentLength = 0;
+  int lastSlash = -1;
+  int dots = 0;
+  char code;
+  const auto pathLen = path.size();
+  for (uint8_t i = 0; i <= pathLen; ++i) {
+    if (i < pathLen) {
+      code = path[i];
+    } else if (IsPathSeparator(path[i])) {
+      break;
+    } else {
+      code = node::kPathSeparator;
+    }
+
+    if (IsPathSeparator(code)) {
+      if (lastSlash == static_cast<int>(i - 1) || dots == 1) {
+        // NOOP
+      } else if (dots == 2) {
+        int len = res.length();
+        if (len < 2 || lastSegmentLength != 2 || res[len - 1] != '.' ||
+            res[len - 2] != '.') {
+          if (len > 2) {
+            auto lastSlashIndex = res.find_last_of(separator);
+            if (lastSlashIndex == std::string::npos) {
+              res = "";
+              lastSegmentLength = 0;
+            } else {
+              res = res.substr(0, lastSlashIndex);
+              len = res.length();
+              lastSegmentLength = len - 1 - res.find_last_of(separator);
+            }
+            lastSlash = i;
+            dots = 0;
+            continue;
+          } else if (len != 0) {
+            res = "";
+            lastSegmentLength = 0;
+            lastSlash = i;
+            dots = 0;
+            continue;
+          }
+        }
+
+        if (allowAboveRoot) {
+          res += res.length() > 0 ? std::string(separator) + ".." : "..";
+          lastSegmentLength = 2;
+        }
+      } else {
+        if (!res.empty()) {
+          res += std::string(separator) +
+                 std::string(path.substr(lastSlash + 1, i - (lastSlash + 1)));
+        } else {
+          res = path.substr(lastSlash + 1, i - (lastSlash + 1));
+        }
+        lastSegmentLength = i - lastSlash - 1;
+      }
+      lastSlash = i;
+      dots = 0;
+    } else if (code == '.' && dots != -1) {
+      ++dots;
+    } else {
+      dots = -1;
+    }
+  }
+
+  return res;
+}
+
+#ifdef _WIN32
+bool IsWindowsDeviceRoot(const char c) noexcept {
+  return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
+}
+
+std::string PathResolve(Environment* env,
+                        const std::vector<std::string_view>& paths) {
+  std::string resolvedDevice = "";
+  std::string resolvedTail = "";
+  bool resolvedAbsolute = false;
+  const size_t numArgs = paths.size();
+  auto cwd = env->GetCwd(env->exec_path());
+
+  for (int i = numArgs - 1; i >= -1 && !resolvedAbsolute; i--) {
+    std::string path;
+    if (i >= 0) {
+      path = std::string(paths[i]);
+    } else if (resolvedDevice.empty()) {
+      path = cwd;
+    } else {
+      // Windows has the concept of drive-specific current working
+      // directories. If we've resolved a drive letter but not yet an
+      // absolute path, get cwd for that drive, or the process cwd if
+      // the drive cwd is not available. We're sure the device is not
+      // a UNC path at this points, because UNC paths are always absolute.
+      std::string resolvedDevicePath;
+      const std::string envvar = "=" + resolvedDevice;
+      credentials::SafeGetenv(envvar.c_str(), &resolvedDevicePath);
+      path = resolvedDevicePath.empty() ? cwd : resolvedDevicePath;
+
+      // Verify that a cwd was found and that it actually points
+      // to our drive. If not, default to the drive's root.
+      if (path.empty() ||
+          (ToLower(path.substr(0, 2)) != ToLower(resolvedDevice) &&
+           path[2] == '/')) {
+        path = resolvedDevice + "\\";
+      }
+    }
+
+    const size_t len = path.length();
+    int rootEnd = 0;
+    std::string device = "";
+    bool isAbsolute = false;
+    const char code = path[0];
+
+    // Try to match a root
+    if (len == 1) {
+      if (IsPathSeparator(code)) {
+        // `path` contains just a path separator
+        rootEnd = 1;
+        isAbsolute = true;
+      }
+    } else if (IsPathSeparator(code)) {
+      // Possible UNC root
+
+      // If we started with a separator, we know we at least have an
+      // absolute path of some kind (UNC or otherwise)
+      isAbsolute = true;
+
+      if (IsPathSeparator(path[1])) {
+        // Matched double path separator at beginning
+        size_t j = 2;
+        size_t last = j;
+        // Match 1 or more non-path separators
+        while (j < len && !IsPathSeparator(path[j])) {
+          j++;
+        }
+        if (j < len && j != last) {
+          const std::string firstPart = path.substr(last, j - last);
+          // Matched!
+          last = j;
+          // Match 1 or more path separators
+          while (j < len && IsPathSeparator(path[j])) {
+            j++;
+          }
+          if (j < len && j != last) {
+            // Matched!
+            last = j;
+            // Match 1 or more non-path separators
+            while (j < len && !IsPathSeparator(path[j])) {
+              j++;
+            }
+            if (j == len || j != last) {
+              // We matched a UNC root
+              device = "\\\\" + firstPart + "\\" + path.substr(last, j - last);
+              rootEnd = j;
+            }
+          }
+        }
+      }
+    } else if (IsWindowsDeviceRoot(code) && path[1] == ':') {
+      // Possible device root
+      device = path.substr(0, 2);
+      rootEnd = 2;
+      if (len > 2 && IsPathSeparator(path[2])) {
+        // Treat separator following drive name as an absolute path
+        // indicator
+        isAbsolute = true;
+        rootEnd = 3;
+      }
+    }
+
+    if (!device.empty()) {
+      if (!resolvedDevice.empty()) {
+        if (ToLower(device) != ToLower(resolvedDevice)) {
+          // This path points to another device so it is not applicable
+          continue;
+        }
+      } else {
+        resolvedDevice = device;
+      }
+    }
+
+    if (resolvedAbsolute) {
+      if (!resolvedDevice.empty()) {
+        break;
+      }
+    } else {
+      resolvedTail = path.substr(rootEnd) + "\\" + resolvedTail;
+      resolvedAbsolute = isAbsolute;
+      if (isAbsolute && !resolvedDevice.empty()) {
+        break;
+      }
+    }
+  }
+
+  // At this point the path should be resolved to a full absolute path,
+  // but handle relative paths to be safe (might happen when process.cwd()
+  // fails)
+
+  // Normalize the tail path
+  resolvedTail = NormalizeString(resolvedTail, !resolvedAbsolute, "\\");
+
+  if (resolvedAbsolute) {
+    return resolvedDevice + "\\" + resolvedTail;
+  }
+
+  if (!resolvedDevice.empty() || !resolvedTail.empty()) {
+    return resolvedDevice + resolvedTail;
+  }
+
+  return ".";
+}
+#else   // _WIN32
+std::string PathResolve(Environment* env,
+                        const std::vector<std::string_view>& paths) {
+  std::string resolvedPath;
+  bool resolvedAbsolute = false;
+  auto cwd = env->GetCwd(env->exec_path());
+  const size_t numArgs = paths.size();
+
+  for (int i = numArgs - 1; i >= -1 && !resolvedAbsolute; i--) {
+    const std::string& path =
+        (i >= 0) ? std::string(paths[i]) : env->GetCwd(env->exec_path());
+
+    if (!path.empty()) {
+      resolvedPath = std::string(path) + "/" + resolvedPath;
+
+      if (path.front() == '/') {
+        resolvedAbsolute = true;
+        break;
+      }
+    }
+  }
+
+  // Normalize the path
+  auto normalizedPath = NormalizeString(resolvedPath, !resolvedAbsolute, "/");
+
+  if (resolvedAbsolute) {
+    return "/" + normalizedPath;
+  }
+
+  if (normalizedPath.empty()) {
+    return ".";
+  }
+
+  return normalizedPath;
+}
+#endif  // _WIN32
+
+}  // namespace node

src/path.h

@@ -0,0 +1,25 @@
+#ifndef SRC_PATH_H_
+#define SRC_PATH_H_
+
+#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
+
+#include <string>
+#include <vector>
+
+namespace node {
+
+class Environment;
+
+bool IsPathSeparator(const char c) noexcept;
+
+std::string NormalizeString(const std::string_view path,
+                            bool allowAboveRoot,
+                            const std::string_view separator);
+
+std::string PathResolve(Environment* env,
+                        const std::vector<std::string_view>& args);
+}  // namespace node
+
+#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
+
+#endif  // SRC_PATH_H_

src/permission/child_process_permission.cc

@@ -9,7 +9,8 @@ namespace permission {
 
 // Currently, ChildProcess manage a single state
 // Once denied, it's always denied
-void ChildProcessPermission::Apply(const std::vector<std::string>& allow,
+void ChildProcessPermission::Apply(Environment* env,
+                                   const std::vector<std::string>& allow,
                                    PermissionScope scope) {
   deny_all_ = true;
 }

src/permission/child_process_permission.h

@@ -12,7 +12,8 @@ namespace permission {
 
 class ChildProcessPermission final : public PermissionBase {
  public:
-  void Apply(const std::vector<std::string>& allow,
+  void Apply(Environment* env,
+             const std::vector<std::string>& allow,
              PermissionScope scope) override;
   bool is_granted(PermissionScope perm,
                   const std::string_view& param = "") const override;

src/permission/fs_permission.cc

@@ -1,7 +1,7 @@
 #include "fs_permission.h"
 #include "base_object-inl.h"
 #include "debug_utils-inl.h"
-#include "util.h"
+#include "path.h"
 #include "v8.h"
 
 #include <fcntl.h>
@@ -117,7 +117,8 @@ namespace permission {
 
 // allow = '*'
 // allow = '/tmp/,/home/example.js'
-void FSPermission::Apply(const std::vector<std::string>& allow,
+void FSPermission::Apply(Environment* env,
+                         const std::vector<std::string>& allow,
                          PermissionScope scope) {
   for (const std::string& res : allow) {
     if (res == "*") {
@@ -130,7 +131,7 @@ void FSPermission::Apply(const std::vector<std::string>& allow,
       }
       return;
     }
-    GrantAccess(scope, res);
+    GrantAccess(scope, PathResolve(env, {res}));
   }
 }