diff options
| -rw-r--r-- | interfaces/builtin/content.go | 8 | ||||
| -rw-r--r-- | interfaces/builtin/content_test.go | 10 |
2 files changed, 11 insertions, 7 deletions
diff --git a/interfaces/builtin/content.go b/interfaces/builtin/content.go index f50af5c038..9399e707be 100644 --- a/interfaces/builtin/content.go +++ b/interfaces/builtin/content.go @@ -35,6 +35,10 @@ func (iface *ContentInterface) Name() string { return "content" } +func cleanSubPath(path string) bool { + return filepath.Clean(path) == path && path != ".." && !strings.HasPrefix(path, "../") +} + func (iface *ContentInterface) SanitizeSlot(slot *interfaces.Slot) error { if iface.Name() != slot.Interface { panic(fmt.Sprintf("slot is not of interface %q", iface)) @@ -51,7 +55,7 @@ func (iface *ContentInterface) SanitizeSlot(slot *interfaces.Slot) error { paths := rpath paths = append(paths, wpath...) for _, p := range paths { - if strings.Contains(p, "..") { + if !cleanSubPath(p) { return fmt.Errorf("content interface path is not clean: %q", p) } } @@ -67,7 +71,7 @@ func (iface *ContentInterface) SanitizePlug(plug *interfaces.Plug) error { if !ok || len(target) == 0 { return fmt.Errorf("content plug must contain target path") } - if strings.Contains(target, "..") { + if !cleanSubPath(target) { return fmt.Errorf("content interface target path is not clean: %q", target) } diff --git a/interfaces/builtin/content_test.go b/interfaces/builtin/content_test.go index 6124c27caf..a274aa6653 100644 --- a/interfaces/builtin/content_test.go +++ b/interfaces/builtin/content_test.go @@ -46,7 +46,7 @@ slots: content-slot: interface: content read: - - ./shared/read + - shared/read `) info, err := snap.InfoFromSnapYaml(mockSnapYaml) @@ -114,7 +114,7 @@ version: 1.0 plugs: content-plug: interface: content - target: ./import + target: import `) info, err := snap.InfoFromSnapYaml(mockSnapYaml) @@ -165,13 +165,13 @@ slots: content-slot: interface: content read: - - ./shared/read + - shared/read write: - - ./shared/write + - shared/write plugs: content-plug: interface: content - target: ./import + target: import `) info, err := snap.InfoFromSnapYaml(mockSnapYaml) |