amplify-cli icon indicating copy to clipboard operation
amplify-cli copied to clipboard
verified publisher icon aws-amplify

fix(S3server): Uncontrolled data used in path expression

Open odaysec opened this issue 7 months ago • 0 comments

https://github.com/aws-amplify/amplify-cli/blob/3f255c91e15d52139ba001410929864982f433f0/packages/amplify-storage-simulator/src/server/S3server.ts#L130-L130

fix the issue need to ensure that the constructed filePath is validated to remain within the intended directory (this.localDirectoryPath). This can be achieved by:

  1. Normalizing the constructed path using path.resolve to remove any .. segments.
  2. Verifying that the normalized path starts with the intended root directory (this.localDirectoryPath).
  3. If the path is outside the intended directory, return an appropriate error response (e.g., HTTP 403 Forbidden).

The changes will be made in the handleRequestGet method in packages/amplify-storage-simulator/src/server/S3server.ts.

Checklist

  • [x] PR description included
  • [x] yarn test passes
  • [x] Tests are changed or added
  • [x] Relevant documentation is changed or added (and PR referenced)
  • [x] New AWS SDK calls or CloudFormation actions have been added to relevant test and service IAM policies
  • [x] Pull request labels are added

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

odaysec avatar May 14 '25 00:05 odaysec