mirrors/Mole
1
0
Fork 0
mirror of https://github.com/tw93/Mole.git synced 2026-02-04 12:41:46 +00:00
Code Activity

fix(security): allow Firefox ..files directories in path validation

Browse Source 
Fixes #263

- Change regex from \.\. to (^|/)\.\.(/|$) to only match path components
- Firefox uses ..files suffix in IndexedDB dirs (e.g., name..files)
- Still blocks actual traversal: /tmp/../etc
- Added test cases for Firefox compatibility
- All 16 tests passing
This commit is contained in:
Tw93
2026-01-06 09:51:34 +08:00
parent 3ef44efcf9
commit d3f1cdd834
3 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SECURITY_AUDIT.md
View File

@@ -291,7 +291,7 @@ bats tests/security.bats # Run specific suite
| Standard | Implementation | | Standard | Implementation |
|----------|----------------| |----------|----------------|
| OWASP Secure Coding | Input validation, least privilege, defense-in-depth | | OWASP Secure Coding | Input validation, least privilege, defense-in-depth |
| CWE-22 (Path Traversal) | Absolute path enforcement, `../` rejection | | CWE-22 (Path Traversal) | Enhanced detection: rejects `/../` components while allowing `..` in directory names (Firefox compatibility) |
| CWE-78 (Command Injection) | Control character filtering | | CWE-78 (Command Injection) | Control character filtering |
| CWE-59 (Link Following) | Symlink detection before privileged operations | | CWE-59 (Link Following) | Symlink detection before privileged operations |
| Apple File System Guidelines | Respects SIP, Read-Only Volumes, TCC | | Apple File System Guidelines | Respects SIP, Read-Only Volumes, TCC |

4
lib/core/file_ops.sh
View File

@@ -46,7 +46,9 @@ validate_path_for_deletion() {
fi fi
# Check for path traversal attempts # Check for path traversal attempts
if [[ "$path" =~ \.\. ]]; then # Only reject .. when it appears as a complete path component (/../ or /.. or ../)
# This allows legitimate directory names containing .. (e.g., Firefox's "name..files")
if [[ "$path" =~ (^|/)\.\.(\/|$) ]]; then
log_error "Path validation failed: path traversal not allowed: $path" log_error "Path validation failed: path traversal not allowed: $path"
return 1 return 1
fi fi

20
tests/core_safe_functions.bats
View File

@@ -43,6 +43,26 @@ teardown() {
@test "validate_path_for_deletion rejects path traversal" { @test "validate_path_for_deletion rejects path traversal" {
run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '/tmp/../etc'" run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '/tmp/../etc'"
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
# Test other path traversal patterns
run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '/var/log/../../etc'"
[ "$status" -eq 1 ]
run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '$TEST_DIR/..'"
[ "$status" -eq 1 ]
}
@test "validate_path_for_deletion accepts Firefox-style ..files directories" {
# Firefox uses ..files suffix in IndexedDB directory names
run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '$TEST_DIR/2753419432nreetyfallipx..files'"
[ "$status" -eq 0 ]
run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '$TEST_DIR/storage/default/https+++www.netflix.com/idb/name..files/data'"
[ "$status" -eq 0 ]
# Directories with .. in the middle of names should be allowed
run bash -c "source '$PROJECT_ROOT/lib/core/common.sh'; validate_path_for_deletion '$TEST_DIR/test..backup/file.txt'"
[ "$status" -eq 0 ]
} }
@test "validate_path_for_deletion rejects system directories" { @test "validate_path_for_deletion rejects system directories" {