Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ydbd cli: fix vulnerability 101576 #13001

Merged
merged 1 commit into from
Dec 27, 2024
Merged

ydbd cli: fix vulnerability 101576 #13001

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
126 changes: 33 additions & 93 deletions ydb/core/driver_lib/cli_base/cli_cmds_db.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,31 @@ void WarnProfilePathSet() {
Cout << "FYI: profile path is set. You can use short pathnames. Try --help for more info." << Endl;
}

// Get dirname and basename from the pathname using profile config
std::pair<TString, TString> SplitPath(const TClientCommand::TConfig& config, const TString& pathname) {
const bool pathIsAbsolute = pathname.StartsWith('/');
if (config.Path) {
// Profile path is set
if (!pathIsAbsolute) {
return std::make_pair(config.Path, pathname);
} else {
WarnProfilePathSet();
}
}
// path should be absolute here
if (!pathIsAbsolute) {
ythrow yexception() << "Relative path cannot be used without profile";
}

size_t pos = pathname.rfind('/');
if (pos == TString::npos) {
// should be unreachable
ythrow yexception() << "No single '/' in the absolute path";
}

return std::make_pair(pathname.substr(0, pos), pathname.substr(pos + 1));
}

class TClientCommandSchemaMkdir : public TClientCommand {
public:
TClientCommandSchemaMkdir()
Expand All @@ -48,19 +73,7 @@ class TClientCommandSchemaMkdir : public TClientCommand {
virtual void Parse(TConfig& config) override {
TClientCommand::Parse(config);
TString pathname = config.ParseResult->GetFreeArgs()[0];
size_t pos = pathname.rfind('/');
if (config.Path) {
// Profile path is set
if (!pathname.StartsWith('/')) {
Base = config.Path;
Name = pathname;
return;
} else {
WarnProfilePathSet();
}
}
Base = pathname.substr(0, pos);
Name = pathname.substr(pos + 1);
std::tie(Base, Name) = SplitPath(config, pathname);
}

virtual int Run(TConfig& config) override {
Expand Down Expand Up @@ -93,19 +106,7 @@ class TClientCommandSchemaDrop : public TClientCommand {
virtual void Parse(TConfig& config) override {
TClientCommand::Parse(config);
TString pathname = config.ParseResult->GetFreeArgs()[0];
size_t pos = pathname.rfind('/');
if (config.Path) {
// Profile path is set
if (!pathname.StartsWith('/')) {
Base = config.Path;
Name = pathname;
return;
} else {
WarnProfilePathSet();
}
}
Base = pathname.substr(0, pos);
Name = pathname.substr(pos + 1);
std::tie(Base, Name) = SplitPath(config, pathname);
}

virtual int Run(TConfig& config) override {
Expand Down Expand Up @@ -601,6 +602,9 @@ class TClientCommandSchemaChown : public TClientCommand {
}
}
Path = pathname;
if (Path.rfind('/') == TString::npos) {
ythrow yexception() << "No single '/' in the absolute path";
}
}

int Chown(TConfig& config, const TString& path) {
Expand Down Expand Up @@ -686,21 +690,7 @@ class TClientCommandSchemaAccessAdd : public TClientCommand {
virtual void Parse(TConfig& config) override {
TClientCommand::Parse(config);
TString pathname = config.ParseResult->GetFreeArgs()[0];
size_t pos = pathname.rfind('/');
if (config.Path) {
// Profile path is set
if (!pathname.StartsWith('/')) {
Base = config.Path;
Name = pathname;
} else {
WarnProfilePathSet();
Base = pathname.substr(0, pos);
Name = pathname.substr(pos + 1);
}
} else {
Base = pathname.substr(0, pos);
Name = pathname.substr(pos + 1);
}
std::tie(Base, Name) = SplitPath(config, pathname);
Access = config.ParseResult->GetFreeArgs()[1];
}

Expand Down Expand Up @@ -757,21 +747,7 @@ class TClientCommandSchemaAccessRemove : public TClientCommand {
virtual void Parse(TConfig& config) override {
TClientCommand::Parse(config);
TString pathname = config.ParseResult->GetFreeArgs()[0];
size_t pos = pathname.rfind('/');
if (config.Path) {
// Profile path is set
if (!pathname.StartsWith('/')) {
Base = config.Path;
Name = pathname;
} else {
WarnProfilePathSet();
Base = pathname.substr(0, pos);
Name = pathname.substr(pos + 1);
}
} else {
Base = pathname.substr(0, pos);
Name = pathname.substr(pos + 1);
}
std::tie(Base, Name) = SplitPath(config, pathname);
Access = config.ParseResult->GetFreeArgs()[1];
}

Expand Down Expand Up @@ -830,21 +806,7 @@ class TClientCommandSchemaAccessInheritanceBase : public TClientCommand {
virtual void Parse(TConfig& config) override {
TClientCommand::Parse(config);
TString pathname = config.ParseResult->GetFreeArgs()[0];
size_t pos = pathname.rfind('/');
if (config.Path) {
// Profile path is set
if (!pathname.StartsWith('/')) {
Base = config.Path;
Name = pathname;
} else {
WarnProfilePathSet();
Base = pathname.substr(0, pos);
Name = pathname.substr(pos + 1);
}
} else {
Base = pathname.substr(0, pos);
Name = pathname.substr(pos + 1);
}
std::tie(Base, Name) = SplitPath(config, pathname);
}

virtual int Run(TConfig& config) override {
Expand Down Expand Up @@ -1154,28 +1116,6 @@ class TClientCommandSchemaUserAttributeGet: public TClientCommand {
}
};

std::pair<TString, TString> SplitPath(const TClientCommand::TConfig& config, const TString& pathname) {
std::pair<TString, TString> result;

size_t pos = pathname.rfind('/');
if (config.Path) {
// Profile path is set
if (!pathname.StartsWith('/')) {
result.first = config.Path;
result.second = pathname;
} else {
WarnProfilePathSet();
result.first = pathname.substr(0, pos);
result.second = pathname.substr(pos + 1);
}
} else {
result.first = pathname.substr(0, pos);
result.second = pathname.substr(pos + 1);
}

return result;
}

class TClientCommandSchemaUserAttributeSet: public TClientCommand {
using TUserAttributesLimits = NSchemeShard::TUserAttributesLimits;

Expand Down
Loading