Skip to content

fix: do not leak username to untrusted modules #736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Apr 23, 2025
Merged

fix: do not leak username to untrusted modules #736

merged 12 commits into from
Apr 23, 2025

Conversation

bajtos
Copy link
Member

@bajtos bajtos commented Apr 15, 2025
edited
Loading

We must not leak the filesystem structure when the code is running inside a sandboxed environment. The Checker App files are usually in the user's home directory. The full path includes the username, which is sensitive information we should not leak to untrusted modules. The modules should have access only to the path relative to the project (module) root.

Before:

file:///Users/bajtos/Library/Caches/app.filstation.desktop/sources/spark/main.js

After:

file:///ZINNIA/main.js

I discovered this issue while working on #735

Parent issue:

bajtos added 8 commits April 15, 2025 14:35
@bajtos
fix: source code paths relative to module root
6412856 
We must not leak the filesystem structure when the code is running
inside a sandboxed environment. Only path relative to the project root
should be available to the module.

Signed-off-by: Miroslav Bajtoš <[email protected]>
@bajtos
fix tests on Windows + add virtual root C:\ZINNIA or /ZINNIA
7b2096f 
Signed-off-by: Miroslav Bajtoš <[email protected]>
@bajtos
fixup! path separator on windows
e628510 
Signed-off-by: Miroslav Bajtoš <[email protected]>
@bajtos
Merge branch 'main' into relative-module-paths
33b9bd3
@bajtos
Merge remote-tracking branch 'origin/main' into relative-module-paths
565105f
@bajtos
fixup! tests on windows
dc77b49 
Signed-off-by: Miroslav Bajtoš <[email protected]>
@bajtos
Merge branch 'main' into relative-module-paths
24bd9f5
@bajtos
fixup! build errors
abfa2b2 
Signed-off-by: Miroslav Bajtoš <[email protected]>
@bajtos bajtos changed the title fix: source code paths relative to module root fix: do not leak username to untrusted modules Apr 17, 2025
@bajtos bajtos marked this pull request as ready for review April 17, 2025 09:10
@bajtos bajtos requested a review from juliangruber April 17, 2025 09:10
juliangruber
juliangruber reviewed Apr 17, 2025
View reviewed changes
Copy link
Member

@juliangruber juliangruber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Idea sounds great to me, I'll step back in favor of Nikolas' review here

@bajtos bajtos requested a review from NikolasHaimerl April 22, 2025 16:17
@bajtos bajtos merged commit 0419b15 into main Apr 23, 2025
16 checks passed
@bajtos bajtos deleted the relative-module-paths branch April 23, 2025 07:29
@bajtos bajtos mentioned this pull request Apr 24, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliangruber juliangruber juliangruber left review comments

@NikolasHaimerl NikolasHaimerl NikolasHaimerl approved these changes

@pyropy pyropy Awaiting requested review from pyropy pyropy is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bajtos @juliangruber @NikolasHaimerl