
Item11401: Insecure dependency in SEARCH with expandvariables="on"

Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: DirectedGraphPlugin
Branches: trunk
Reported By: TarekUnger
Waiting For:
Last Change By: GeorgeClark
After updating to perl 5.14.2 from 5.12.3 and Foswiki 1.1.4 from 1.1.3:

Testcase:

TestTopicX:
<dot>
digraph G{
a -> b
}
</dot>

TestTopicX2:
%SEARCH{
   "TestTopicX"
   type="keyword"
   scope="topic"
   order="topic"
   zeroresults="on"
   expandvariables="on"
}%

Result:
Die Suche konnte nicht durchgeführt werden. Fehler: Insecure dependency in open while running with -T switch at /home/foswiki/perl/lib/5.14.2/i686-linux-thread-multi/Storable.pm line 250. at /home/foswiki/perl/lib/5.14.2/i686-linux-thread-multi/Storable.pm line 250 Storable::_store('CODE(0x8d473c8)', 'HASH(0x8dbd218)', '/var/www/foswiki_cgitest/working/work_areas/DirectedGraphPlug...', 0) called at /home/foswiki/perl/lib/5.14.2/i686-linux-thread-multi/Storable.pm line 201 Storable::store('HASH(0x8dbd218)', '/var/www/foswiki_cgitest/working/work_areas/DirectedGraphPlug...') called at /var/www/foswiki_cgitest/lib/Foswiki/Plugins/DirectedGraphPlugin.pm line 1146 Foswiki::Plugins::DirectedGraphPlugin::wrapupTagsHandler() called at /var/www/foswiki_cgitest/lib/Foswiki/Plugins/DirectedGraphPlugin.pm line 361 Foswiki::Plugins::DirectedGraphPlugin::commonTagsHandler('\x{a}<img src="/foswiki_cgitest/pub/Sandbox/TestTopic...', 'TestTopic7', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x90a9d70)') called at /var/www/foswiki_cgitest/lib/Foswiki/Plugin.pm line 287 Foswiki::Plugin::invoke('Foswiki::Plugin=HASH(0x8d113b8)', 'commonTagsHandler', '\x{a}<img src="/foswiki_cgitest/pub/Sandbox/TestTopic...', 'TestTopic7', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x90a9d70)') called at /var/www/foswiki_cgitest/lib/Foswiki/Plugins.pm line 331 Foswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x87a5648)', 'commonTagsHandler', '\x{a}<img src="/foswiki_cgitest/pub/Sandbox/TestTopic...', 'TestTopic7', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x90a9d70)') called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 3258 Foswiki::expandMacros('Foswiki=HASH(0x874d388)', 'DirectedGraph Error (25):
*DirectedGraphPlugin error:* 
Error: /var/www/foswiki_cgitest/working/tmp/DiGraphPluginGmHw7FbAGN.dot:0: syntax error near line 0
01: context:  >>> \ <<< x{a}digraph G{\x{a}a -> b\x{a}}\x{a}Problem executing dot: 'dot  /var/www/foswiki_cgitest/working/tmp/DiGraphPluginGmHw7FbAGN.dot -Tpng -o/var/www/foswiki_cgitest/working/tmp/DGPXdssFtRYpd.png  2> /var/www/foswiki_cgitest/working/tmp/DiGraphPluginGmHw7FbAGN.dot.err ', got:
02: dot exited with rc=1
03:  
\x{a}', 'Foswiki::Meta=HASH(0x90a9d70)') called at /var/www/foswiki_cgitest/lib/Foswiki/Meta.pm line 3129 Foswiki::Meta::expandMacros('Foswiki::Meta=HASH(0x90a9d70)', 'DirectedGraph Error (25):
*DirectedGraphPlugin error:* 
Error: /var/www/foswiki_cgitest/working/tmp/DiGraphPluginhl7HL0Pw5t.dot:0: syntax error near line 0
01: context:  >>> \ <<< x{a}digraph G{\x{a}a -> b\x{a}}\x{a}Problem executing dot: 'dot  /var/www/foswiki_cgitest/working/tmp/DiGraphPluginhl7HL0Pw5t.dot -Tpng -o/var/www/foswiki_cgitest/working/tmp/DGPw3eAMz3Wp1.png  2> /var/www/foswiki_cgitest/working/tmp/DiGraphPluginhl7HL0Pw5t.dot.err ', got:
02: dot exited with rc=1
03:  
\x{a}') called at /var/www/foswiki_cgitest/lib/Foswiki/Search.pm line 757 Foswiki::Search::formatResults('Foswiki::Search=HASH(0x93beb70)', 'Foswiki::Search::Node=HASH(0x94606b8)', 'Foswiki::Search::ResultSet=HASH(0x94605a8)', 'HASH(0x9414448)') called at /var/www/foswiki_cgitest/lib/Foswiki/Search.pm line 407 Foswiki::Search::searchWeb('Foswiki::Search=HASH(0x93beb70)', 'search', 'TestTopic7', 'basetopic', 'TestTopic8', 'expandvariables', 'on', '_RAW', '\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} order=...', ...) called at /var/www/foswiki_cgitest/lib/Foswiki/Macros/SEARCH.pm line 32 Foswiki::__ANON__() called at /var/www/foswiki_cgitest/lib/CPAN/lib/Error.pm line 379 eval {...} called at /var/www/foswiki_cgitest/lib/CPAN/lib/Error.pm line 371 Error::subs::try('CODE(0x93bc9b8)', 'HASH(0x93beaf0)') called at /var/www/foswiki_cgitest/lib/Foswiki/Macros/SEARCH.pm line 41 Foswiki::SEARCH('Foswiki=HASH(0x874d388)', 'Foswiki::Attrs=HASH(0x93be490)', 'Foswiki::Meta=HASH(0x8e08e50)') called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 3071 Foswiki::_expandMacroOnTopicRendering('Foswiki=HASH(0x874d388)', 'SEARCH', '\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} order=...', 'Foswiki::Meta=HASH(0x8e08e50)') called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 2947 Foswiki::_processMacros('Foswiki=HASH(0x874d388)', '%SEARCH{\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} ...', 'CODE(0x8701e48)', 'Foswiki::Meta=HASH(0x8e08e50)', 16) called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 2744 Foswiki::innerExpandMacros('Foswiki=HASH(0x874d388)', 'SCALAR(0x870cea0)', 'Foswiki::Meta=HASH(0x8e08e50)') called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 3253 Foswiki::expandMacros('Foswiki=HASH(0x874d388)', '%SEARCH{\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} ...', 'Foswiki::Meta=HASH(0x8e08e50)') called at /var/www/foswiki_cgitest/lib/Foswiki/Meta.pm line 3129 
Foswiki::Meta::expandMacros('Foswiki::Meta=HASH(0x8e08e50)', '%SEARCH{\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} ...') called at /var/www/foswiki_cgitest/lib/Foswiki/UI/View.pm line 402 Foswiki::UI::View::_prepare('%SEARCH{\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} ...', 'Foswiki::Meta=HASH(0x8e08e50)', 0) called at /var/www/foswiki_cgitest/lib/Foswiki/UI/View.pm line 382 Foswiki::UI::View::view('Foswiki=HASH(0x874d388)') called at /var/www/foswiki_cgitest/lib/Foswiki/UI.pm line 316 Foswiki::UI::__ANON__() called at /var/www/foswiki_cgitest/lib/CPAN/lib/Error.pm line 379 eval {...} called at /var/www/foswiki_cgitest/lib/CPAN/lib/Error.pm line 371 Error::subs::try('CODE(0x8197858)', 'HASH(0x874d0c8)') called at /var/www/foswiki_cgitest/lib/Foswiki/UI.pm line 435 Foswiki::UI::_execute('Foswiki::Request=HASH(0x874bd20)', 'CODE(0x8320f78)', 'view', 1) called at /var/www/foswiki_cgitest/lib/Foswiki/UI.pm line 274 Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x874bd20)') called at /var/www/foswiki_cgitest/lib/Foswiki/Engine/CGI.pm line 41 Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x83c5468)') called

When I look in the source and add a few lines I get the following debug:

lines:
--- new  2.pl   Mon Jan 02 09:33:58 2012
+++ new  3.txt  Mon Jan 02 09:33:56 2012
@@ -1137,6 +1137,12 @@
         _writeDebug('     -- newHashRef existed in session - writing out ');
         %newHash = %{$newHashRef};
         my $workAreaDir = Foswiki::Func::getWorkArea('DirectedGraphPlugin');
+       use Scalar::Util qw( tainted );
+
+       print STDERR "workArea: " . tainted( $workAreaDir ) . "\n";
+       print STDERR "usWeb: " . tainted( $usWeb ) . "\n";
+       print STDERR "topic: " . tainted( $topic ) . "\n";
+
         store \%newHash, "$workAreaDir/${usWeb}_${topic}-filehash";

         if ( $newHash{SET} ) {    # dot tags have been processed
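Review bot: this instrumentation is fine for a local diagnosis but should not be committed as-is: the three `print STDERR` lines fire on every request, and `use Scalar::Util qw( tainted );` placed mid-block still runs at compile time regardless of the surrounding condition. If the taint check is worth keeping, route it through the `_writeDebug` helper the surrounding context already uses, and note that the interesting result is the one the log confirms: `$workAreaDir` is clean, so the taint enters through `$usWeb` and `$topic`, which is where the real fix belongs.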

/var/log/apache2/error.log:
workArea: 0
usWeb: 1
topic: 1

When I view TestTopicX normally I don't get any errors and the variables aren't tainted.

As a workaround I untaint manually:

@@ -1137,6 +1137,10 @@
         _writeDebug('     -- newHashRef existed in session - writing out ');
         %newHash = %{$newHashRef};
         my $workAreaDir = Foswiki::Func::getWorkArea('DirectedGraphPlugin');
+
+               $usWeb = ( $usWeb =~ /^(.*)$/ )[0];
+               $topic = ( $topic =~ /^(.*)$/ )[0];
+
         store \%newHash, "$workAreaDir/${usWeb}_${topic}-filehash";

         if ( $newHash{SET} ) {    # dot tags have been processed
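Review bot: the two capture lines `$usWeb = ( $usWeb =~ /^(.*)$/ )[0];` and `$topic = ( $topic =~ /^(.*)$/ )[0];` silence the taint check without validating anything, so whatever reached these variables (path separators, `..`, a trailing newline, which `$` still matches) is interpolated straight into the `store` file path on the next line. Since the value is used as a file name component, restrict the capture to the characters a web or topic name may contain (for instance `/^(\w+)\z/`) and fail loudly when it does not match, rather than making the taint failure disappear. The added lines are also indented with tabs while the surrounding context uses spaces.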

-- TarekUnger - 02 Jan 2012
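A validating alternative to the blanket `/^(.*)$/` untaint from the workaround above, as an added example in plain Perl that is not DirectedGraphPlugin code: `untaint_name` is a hypothetical helper, the tainted inputs are constructed from `$ENV{PATH}`, and the work area is a temporary directory instead of the plugin's. Run it with `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example, not DirectedGraphPlugin code. Run with: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Storable qw(store retrieve);
use File::Temp qw(tempdir);

# Hypothetical helper: accept only word characters (assumption: that is all a
# web/topic name needs here) and return the untainted capture, or die.
# Unlike /^(.*)$/ this rejects path separators, '..' and trailing newlines.
sub untaint_name {
    my ( $what, $value ) = @_;
    die "Refusing to untaint $what: '" . ( $value // '' ) . "'\n"
      unless defined $value && $value =~ /^(\w+)\z/;
    return $1;    # a regex capture is always untainted
}

# Constructed tainted inputs: under -T, $ENV{PATH} is tainted and taint
# propagates through substr/concat, which mimics how $usWeb and $topic arrive
# from the SEARCH result set when expandvariables="on".
my $taint = substr( $ENV{PATH} // '', 0, 0 );
my $usWeb = 'Sandbox' . $taint;
my $topic = 'TestTopicX' . $taint;
printf "before: web tainted=%d topic tainted=%d\n",
  ( tainted($usWeb) ? 1 : 0 ), ( tainted($topic) ? 1 : 0 );

$usWeb = untaint_name( 'web',   $usWeb );
$topic = untaint_name( 'topic', $topic );
printf "after:  web tainted=%d topic tainted=%d\n",
  ( tainted($usWeb) ? 1 : 0 ), ( tainted($topic) ? 1 : 0 );

# Same path shape as the plugin's filehash; Storable would die with
# "Insecure dependency in open" if any component were still tainted.
my $workAreaDir = tempdir( CLEANUP => 1 );
my $path        = "$workAreaDir/${usWeb}_${topic}-filehash";
my %newHash     = ( SET => 1 );
store \%newHash, $path;
my $back = retrieve($path);
print "stored and read back SET=$back->{SET} from $path\n";

# Values the blanket untaint in the workaround would have let through:
for my $bad ( '../../etc/passwd' . $taint, "TestTopicX\n" . $taint ) {
    eval { untaint_name( 'topic', $bad ) };
    print "rejected: $@";
}
```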

 
Topic revision: r3 - 21 Dec 2013, GeorgeClark