[Safe I/O] Only allow creating files with whitelisted filetypes #682
+18
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I wrote this on a system that is unable to compile Northstar and without having written C++ for like more than half a year, would be surprised if it even compiles xD |
|
@ASpoonPlaysGames is also working on that (#675), are you aware of that? 😄 |
ngl that PR is kinda dead, i've just not had the time to do much lately. Honestly this PR might be preferable to mine. |
catornot
reviewed
Apr 18, 2024
| } | ||
|
|
||
| // TODO: move into list of global consts? | ||
| std::set<std::string> whitelist = {".txt", ".json"}; |
There was a problem hiding this comment.
Is there a reason for this being a set instead of like an vector or array or is it just an arbitrary choice?
|
@GeckoEidechse you created the branch on the main repo so we cannot update it 😢 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Only allow creating files with whitelisted filetypes to prevent writing
.bator.vbfiles with Safe I/O that could then be called using some exploit (e.g. #674), we should prevent writing file types that by default are interpreted as executable.Whitelisting was chosen over blacklisting as we can always extend the list and don't have to worry about potentially forgetting to blacklist a certain filetype.
Of course this doesn't prevent writing a bash script to a
.txtfile and then somehow getting Windows to interpret it as a batch file.Reading files is not restricted to filetypes as we are primarily concerned with creating files here.
Completely untested atm.
Testing instructions:
(to be extended)
Basically write a save I/O file with and without a disallowed file extension and check that it handles it respectively.