Compare commits
3 Commits
345f9a5aac
...
d6bab7a9cf
| Author | SHA1 | Date | |
|---|---|---|---|
 Rodin
|
d6bab7a9cf | ||
|
Rodin
|
4359518e50 | ||
|
Rodin
|
6e11107c77 |
@@ -50,8 +50,8 @@ func validateDocmapPath(localPath, resolvedRoot string) (string, error) {
|
||||
return "", fmt.Errorf("cannot resolve path (symlink): %w", err)
|
||||
}
|
||||
|
||||
// Lstat the resolved path — EvalSymlinks guarantees resolvedPath is
|
||||
// symlink-free, so ModeSymlink can never be set here; this is unreachable.
|
||||
// Lstat the resolved path for size and existence checks — EvalSymlinks
|
||||
// guarantees no symlink components remain, so ModeSymlink can never be set.
|
||||
fi, err := os.Lstat(resolvedPath)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("cannot stat file: %w", err)
|
||||
@@ -152,11 +152,28 @@ func runValidateDocmap(args []string) int {
|
||||
return 2
|
||||
}
|
||||
|
||||
// Parse docmap YAML using the resolved path — eliminates any TOCTOU race
|
||||
// between validation and use.
|
||||
cfg, err := review.ParseDocMapConfig(resolvedDocmap)
|
||||
// Open and read the docmap with a LimitedReader — closes the residual TOCTOU
|
||||
// window between the Lstat size check in validateDocmapPath and the file open
|
||||
// here. The limit is maxDocmapBytes+1 so we can detect a file that grew past
|
||||
// the cap after the stat without reading unbounded bytes.
|
||||
f, err := os.Open(resolvedDocmap)
|
||||
if err != nil {
|
||||
fmt.Fprintf(errWriter, "Error: failed to parse docmap %q: %v\n", resolvedDocmap, err)
|
||||
fmt.Fprintf(errWriter, "Error: failed to open docmap %q: %v\n", *docmapFlag, err)
|
||||
return 2
|
||||
}
|
||||
defer f.Close() // nolint:errcheck
|
||||
docmapData, err := io.ReadAll(io.LimitReader(f, maxDocmapBytes+1))
|
||||
if err != nil {
|
||||
fmt.Fprintf(errWriter, "Error: failed to read docmap %q: %v\n", *docmapFlag, err)
|
||||
return 2
|
||||
}
|
||||
if int64(len(docmapData)) > maxDocmapBytes {
|
||||
fmt.Fprintf(errWriter, "Error: --docmap %q exceeded %d-byte limit after open\n", *docmapFlag, maxDocmapBytes)
|
||||
return 2
|
||||
}
|
||||
cfg, err := review.ParseDocMapConfigContent(string(docmapData), *docmapFlag)
|
||||
if err != nil {
|
||||
fmt.Fprintf(errWriter, "Error: failed to parse docmap %q: %v\n", *docmapFlag, err)
|
||||
return 2
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user