RobustToolbox icon indicating copy to clipboard operation
RobustToolbox copied to clipboard

Published 20 hours ago verified publisher icon space-wizards

ResourcePath.Clean / GetFullPath Errors

Open ElectroJr opened this issue 3 years ago • 0 comments
trafficstars

WritableDirProvider.GetFullPath() has this code snippet:

var relPath = path.Clean().ToRelativeSystemPath();
if (relPath.Contains("\\..") || relPath.Contains("/.."))
{
    // Hard cap on any exploit smuggling a .. in there.
    // Since that could allow leaving sandbox.
    throw new InvalidOperationException("This branch should never be reached.");
}

This causes the console completion for any command like exec /Test/B/.../ (three instead of 2 .) to throw exceptions. I know on some versions of windows, apparently 3+ dots could be used to go back multiple folders, so it makes sense to filter that, but then that should also be handled by path.Clean(), so that it doesn't just raise an exception. Also, even if that gets filtered, currently things like /A/..B/C will still error, so the check in GetFullPath() needs updating anyways.

ElectroJr avatar Jun 09 '22 02:06 ElectroJr