Skip to content

add a github check for programs not using traversal #8698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

add a github check for programs not using traversal #8698

wants to merge 6 commits into from
+907 −230

Conversation

sylvestre
Copy link
Contributor

No description provided.

@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Sep 21, 2025
edited
Loading

CodSpeed Performance Report

Merging #8698 will not alter performance

Comparing sylvestre:check-tra (da38534) with main (e4835ac)

Summary

✅ 55 untouched
⏩ 73 skipped1

Footnotes

  1. 73 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skipping an intermittent issue tests/misc/tee (passes in this run but fails in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skip an intermittent issue tests/misc/stdbuf (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/timeout/timeout (passes in this run but fails in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

GNU test failed: tests/rm/cycle. tests/rm/cycle is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/empty-inacc. tests/rm/empty-inacc is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/r-1. tests/rm/r-1 is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/r-2. tests/rm/r-2 is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/rm2. tests/rm/rm2 is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/rm3. tests/rm/rm3 is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/rm5. tests/rm/rm5 is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/unreadable. tests/rm/unreadable is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/v-slash. tests/rm/v-slash is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/rm/rm1 (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/tail/overlay-headers (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/misc/tee (passes in this run but fails in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

GNU test failed: tests/rm/ir-1. tests/rm/ir-1 is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/tail/overlay-headers (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)

@sylvestre sylvestre force-pushed the check-tra branch 3 times, most recently from 33ad553 to 5082e23 Compare September 26, 2025 22:47
@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

GNU test failed: tests/rm/ir-1. tests/rm/ir-1 is passing on 'main'. Maybe you have to rebase?

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

GNU test failed: tests/du/long-from-unreadable. tests/du/long-from-unreadable is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/pwd/pwd-long. tests/pwd/pwd-long is passing on 'main'. Maybe you have to rebase?
GNU test failed: tests/rm/deep-2. tests/rm/deep-2 is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/tail/overlay-headers (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

GNU test failed: tests/rm/ir-1. tests/rm/ir-1 is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/tail/overlay-headers (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/misc/tee (passes in this run but fails in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

GNU test failed: tests/rm/ir-1. tests/rm/ir-1 is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/misc/tee (passes in this run but fails in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skipping an intermittent issue tests/tail/overlay-headers (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/timeout/timeout (passes in this run but fails in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skip an intermittent issue tests/misc/tee (fails in this run but passes in the 'main' branch)

@sylvestre sylvestre marked this pull request as ready for review September 29, 2025 19:48
@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skipping an intermittent issue tests/misc/tee (passes in this run but fails in the 'main' branch)
Skipping an intermittent issue tests/timeout/timeout (passes in this run but fails in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

GNU test failed: tests/rm/rm2. tests/rm/rm2 is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/misc/usage_vs_getopt (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/rm/rm1 (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/misc/tee (passes in this run but fails in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

GNU test failed: tests/rm/rm2. tests/rm/rm2 is passing on 'main'. Maybe you have to rebase?
Skip an intermittent issue tests/rm/rm1 (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)

@github-actions GitHub Actions
Copy link

GNU testsuite comparison:

Skip an intermittent issue tests/rm/rm1 (fails in this run but passes in the 'main' branch)
Skip an intermittent issue tests/timeout/timeout (fails in this run but passes in the 'main' branch)
Skipping an intermittent issue tests/misc/tee (passes in this run but fails in the 'main' branch)

@sylvestre sylvestre requested a review from cakebaker October 1, 2025 05:50
cakebaker
cakebaker reviewed Oct 1, 2025
View reviewed changes
util/check-safe-traversal.sh
Comment on lines +28 to +47
# Build utilities if not already built
if [ ! -f "$PROJECT_ROOT/target/release/rm" ]; then
echo "Building utilities..."
cd "$PROJECT_ROOT"
cargo build --release --quiet
fi

# Check if we should use individual binaries or multicall binary
# Prefer individual binaries for more accurate testing
if [ -f "$PROJECT_ROOT/target/release/rm" ]; then
echo "Using individual binaries (preferred for testing)"
USE_MULTICALL=0
elif [ -f "$PROJECT_ROOT/target/release/coreutils" ]; then
echo "Using multicall binary: $PROJECT_ROOT/target/release/coreutils"
USE_MULTICALL=1
COREUTILS_BIN="$PROJECT_ROOT/target/release/coreutils"
else
echo "No binaries found - please build first"
exit 1
fi
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this script intended to be used outside of the CI? If not, you could omit these checks.

cakebaker
cakebaker reviewed Oct 1, 2025
View reviewed changes
util/check-safe-traversal.sh

# Check for dangerous patterns across all logs
echo "Checking for dangerous path resolution patterns..."
echo "✓ Basic safe traversal verification completed"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This output feels out of place. I guess it should be shown before the "Additional Safety Checks"?

cakebaker
cakebaker reviewed Oct 1, 2025
View reviewed changes
tests/by-util/test_rm.rs
Comment on lines +1107 to +1110
(stderr.contains("rm: cannot remove 'a/1': Directory not empty")
&& stderr.contains("rm: cannot remove 'a': Directory not empty"))
|| (stderr.contains("rm: cannot remove 'a/1/2': Permission denied")
&& stderr.contains("rm: cannot remove 'b/3': Permission denied"))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reason for the OR? I would expect that the command always returns the same error messages.

cakebaker
cakebaker reviewed Oct 1, 2025
View reviewed changes
tests/by-util/test_rm.rs
Comment on lines +1149 to +1150
stderr.contains("rm: cannot remove directory 'b/a/p': Permission denied")
|| stderr.contains("rm: cannot remove 'b/a/p': Permission denied")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, I don't understand why there is an OR.

cakebaker
cakebaker reviewed Oct 1, 2025
View reviewed changes
src/uucore/src/lib/features/perms.rs
match wrap_chown(
// Use safe syscalls for root directory to prevent TOCTOU attacks
#[cfg(target_os = "linux")]
let chown_result = if path.is_dir() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you could use cfg! in the condition. It would allow you to get rid of the duplicate block starting on line 335.

cakebaker
cakebaker reviewed Oct 1, 2025
View reviewed changes
src/uucore/src/lib/features/perms.rs
dir_fd: &DirFd,
path: &Path,
meta: &Metadata,
) -> Result<String, String> {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reason for the String in the "ok" case? The function always returns an empty string in that case, so my suggestion is to use Result<(), String> as return type.

cakebaker
cakebaker reviewed Oct 1, 2025
View reviewed changes
Copy link
Contributor

@cakebaker cakebaker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will continue with the review of linux.rs and rm.rs tomorrow, the other files are reviewed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cakebaker cakebaker cakebaker left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sylvestre @cakebaker