
Commit 2ee3e4c

FIXME: directory traversal vulnerability in agent codepath
Function Load() could be used to overwrite any files with user-controlled input of plugin name. Must do path validation before further procedure of plugin downloading. Signed-off-by: shenping.matt <[email protected]>
1 parent 65b7478 commit 2ee3e4c
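The commit message describes the defect (a plugin name joined into a filesystem path without validation) and the intended fix (validate the path before anything is downloaded or written). The following is an added, stand-alone example in the same spirit, not the project's own code: a hypothetical `PluginDir` helper that applies the same `path.Join` + `path.Match` containment check, but returns an explicit error for rejected names and for a malformed pattern, so a caller cannot mistake a rejected plugin for a loaded one. The base directory `/var/lib/agent` and the sample names are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrInvalidPluginName is returned for names that would not land exactly one
// path element below <baseDir>/plugin.
var ErrInvalidPluginName = errors.New("invalid plugin name")

// PluginDir resolves the working directory for a plugin name under baseDir
// and rejects names that escape <baseDir>/plugin. This is a hypothetical
// helper written for illustration, not the agent's real Load() code.
func PluginDir(baseDir, name string) (string, error) {
	// Cheap structural checks first: no empty name, no separators or NULs,
	// and no "." / ".." which would resolve to the parent directory itself.
	if name == "" || strings.ContainsAny(name, "/\x00") || name == "." || name == ".." {
		return "", fmt.Errorf("%w: %q", ErrInvalidPluginName, name)
	}

	dir := path.Join(baseDir, "plugin", name)

	// path.Join cleans ".." segments, so a traversal name collapses to a path
	// outside <baseDir>/plugin and no longer matches the pattern. "*" in
	// path.Match never matches "/", so a name carrying a separator also fails.
	match, err := path.Match(path.Join(baseDir, "plugin", "*"), dir)
	if err != nil {
		// Only ErrBadPattern can arrive here (e.g. a base directory containing
		// "["); surface it separately so it is not confused with a bad name.
		return "", fmt.Errorf("bad plugin directory pattern: %w", err)
	}
	if !match {
		return "", fmt.Errorf("%w: %q resolves to %s", ErrInvalidPluginName, name, dir)
	}
	return dir, nil
}

func main() {
	base := "/var/lib/agent" // constructed base directory for the demo
	for _, name := range []string{"collector", "../../../etc/cron.d/job", "a/b", "", ".."} {
		dir, err := PluginDir(base, name)
		fmt.Printf("%-28q -> dir=%q err=%v\n", name, dir, err)
	}
}
```

Running it shows `collector` resolving to `/var/lib/agent/plugin/collector` while every other sample name comes back with a non-nil error; the point of the explicit error is that a caller checking `err != nil` cannot proceed with a nil result.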

1 file changed

+7
-0
lines changed


agent/plugin/plugin_linux.go

Lines changed: 7 additions & 0 deletions
@@ -66,6 +66,13 @@ func Load(ctx context.Context, config proto.Config) (plg *Plugin, err error) {
6666
logger := zap.S().With("plugin", config.Name, "pver", config.Version, "psign", config.Signature)
6767
logger.Info("plugin is loading...")
6868
workingDirectory := path.Join(agent.WorkingDirectory, "plugin", config.Name)
69+
patternDirectory := path.Join(agent.WorkingDirectory, "plugin", "*")
70+
match, err := path.Match(patternDirectory, workingDirectory);
71+
if match != true {
72+
logger.Warn("invalid path & name for plugin: ", config.Name)
73+
return
74+
}
75+
6976
// for compatibility
7077
os.Remove(path.Join(workingDirectory, config.Name+".stderr"))
7178
os.Remove(path.Join(workingDirectory, config.Name+".stdout"))
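Review bot: the rejection branch on lines 71-74 fails silently. When `match` is false the bare `return` hands back `plg == nil` together with `err == nil` (`err` is only set when `path.Match` itself rejects a malformed pattern), so a caller that checks `err` alone will treat the rejected plugin as loaded and can dereference a nil `*Plugin`. Set an explicit error before returning, e.g. `err = fmt.Errorf("invalid plugin name %q", config.Name)`, and handle the `err` from `path.Match` on line 70 as well: a malformed pattern (a `WorkingDirectory` containing `[`) yields `false, ErrBadPattern`, which this code currently logs as an invalid plugin name. The containment check itself is sound: `path.Join` cleans `..` segments so a traversal name resolves outside `plugin/` and no longer matches, and `*` in `path.Match` does not match `/`, so names containing a separator are rejected too. Style: `if match != true` should read `if !match`, and the trailing `;` on line 70 is unidiomatic Go (gofmt removes it).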
