Add test coverage for --persist

This adds three "positive" tests: the common case --persist=.persist, the
deprecated spelling --persist=/.persist, and the less common special case
--persist=. as used by Steam.

It also adds "negative" tests for CVE-2024-42472: if the --persist
directory is a symbolic link or contains path segment "..", we want that
to be rejected.

Reproduces: CVE-2024-42472, GHSA-7hgv-f2j8-xw87
[smcv: Add "positive" tests]
[smcv: Exercise --persist=..]
[smcv: Assert that --persist with a symlink produces expected message]
Co-authored-by: Simon McVittie <smcv@collabora.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Alexander Larsson
2024-06-03 12:59:05 +02:00
committed by Simon McVittie
parent 8a18137d7e
commit db3a785241


@@ -24,7 +24,7 @@ set -euo pipefail
skip_without_bwrap
skip_revokefs_without_fuse
echo "1..21"
echo "1..25"
# Use stable rather than master as the branch so we can test that the run
# command automatically finds the branch correctly
@@ -552,3 +552,42 @@ ${FLATPAK} ${U} info -m org.test.App > out
assert_file_has_content out "^sdk=org\.test\.Sdk/$(flatpak --default-arch)/stable$"
ok "--sdk option"
rm -fr "$HOME/.var/app/org.test.Hello"
mkdir -p "$HOME/.var/app/org.test.Hello"
run --command=sh --persist=.persist org.test.Hello -c 'echo can-persist > .persist/rc'
sed -e 's,^,#--persist=.persist# ,g' < "$HOME/.var/app/org.test.Hello/.persist/rc" >&2
assert_file_has_content "$HOME/.var/app/org.test.Hello/.persist/rc" "can-persist"
ok "--persist=.persist persists a directory"
rm -fr "$HOME/.var/app/org.test.Hello"
mkdir -p "$HOME/.var/app/org.test.Hello"
# G_DEBUG= to avoid the deprecation warning being fatal
G_DEBUG= run --command=sh --persist=/.persist org.test.Hello -c 'echo can-persist > .persist/rc'
sed -e 's,^,#--persist=/.persist# ,g' < "$HOME/.var/app/org.test.Hello/.persist/rc" >&2
assert_file_has_content "$HOME/.var/app/org.test.Hello/.persist/rc" "can-persist"
ok "--persist=/.persist is a deprecated form of --persist=.persist"
rm -fr "$HOME/.var/app/org.test.Hello"
mkdir -p "$HOME/.var/app/org.test.Hello"
run --command=sh --persist=. org.test.Hello -c 'echo can-persist > .persistrc'
sed -e 's,^,#--persist=.# ,g' < "$HOME/.var/app/org.test.Hello/.persistrc" >&2
assert_file_has_content "$HOME/.var/app/org.test.Hello/.persistrc" "can-persist"
ok "--persist=. persists all files"
mkdir "${TEST_DATA_DIR}/inaccessible"
echo FOO > ${TEST_DATA_DIR}/inaccessible/secret-file
rm -fr "$HOME/.var/app/org.test.Hello"
mkdir -p "$HOME/.var/app/org.test.Hello"
ln -fns "${TEST_DATA_DIR}/inaccessible" "$HOME/.var/app/org.test.Hello/persist"
# G_DEBUG= to avoid the warnings being fatal when we reject a --persist option.
# LC_ALL=C so we get the expected non-localized string.
LC_ALL=C G_DEBUG= run --command=ls --persist=persist --persist=relative/../escape org.test.Hello -la ~/persist &> hello_out || true
sed -e 's,^,#--persist=symlink# ,g' < hello_out >&2
assert_file_has_content hello_out "not allowed to avoid sandbox escape"
assert_not_file_has_content hello_out "secret-file"
ok "--persist doesn't allow sandbox escape via a symlink (CVE-2024-42472)"
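Review bot: The negative test on the `LC_ALL=C G_DEBUG= run --command=ls --persist=persist --persist=relative/../escape … || true` line passes both rejection cases in one invocation, so whichever one flatpak rejects first ends the run and the other (the `..` segment, going by option order) is never shown to be rejected on its own; running them as two invocations gives each its own assertion, at the cost of one more `ok` and bumping the plan in the first hunk from `echo "1..25"` to `echo "1..26"`. The `|| true` also discards the exit status, so the test would still pass if the message were printed as a warning and the launch then went ahead; capturing it with `rv=0` / `… || rv=$?` and asserting `[ "$rv" -ne 0 ] || exit 1` pins the rejection rather than only its wording. Whether the `..` case emits the same "not allowed to avoid sandbox escape" text is not visible here, so that assertion should be checked against the implementation before it is copied. Minor: `echo FOO > ${TEST_DATA_DIR}/inaccessible/secret-file` is the only unquoted expansion in the hunk, while every other use of `$TEST_DATA_DIR` and `$HOME` is quoted.
```shell
# … unchanged: secret-file setup, symlink creation, G_DEBUG/LC_ALL comments …
rv=0
LC_ALL=C G_DEBUG= run --command=ls --persist=persist org.test.Hello -la ~/persist &> hello_out || rv=$?
sed -e 's,^,#--persist=symlink# ,g' < hello_out >&2
[ "$rv" -ne 0 ] || exit 1
assert_file_has_content hello_out "not allowed to avoid sandbox escape"
assert_not_file_has_content hello_out "secret-file"
ok "--persist doesn't allow sandbox escape via a symlink (CVE-2024-42472)"

rv=0
LC_ALL=C G_DEBUG= run --command=ls --persist=relative/../escape org.test.Hello -la ~/persist &> hello_out || rv=$?
sed -e 's,^,#--persist=dotdot# ,g' < hello_out >&2
[ "$rv" -ne 0 ] || exit 1
# expected text for the ".." case to be confirmed against the implementation
assert_file_has_content hello_out "not allowed to avoid sandbox escape"
ok "--persist doesn't allow sandbox escape via .. (CVE-2024-42472)"
```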