Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use exact match for illegal path check #34539

Merged
merged 6 commits into from
Jun 14, 2024
Merged

use exact match for illegal path check #34539

merged 6 commits into from
Jun 14, 2024

Conversation

zhangbo1882
Copy link
Contributor

@zhangbo1882 zhangbo1882 commented Jun 5, 2024
edited
Loading

In our environment, the file system directory is as follows:

Tue Jun 04 22:28:35][#48# ]$df -h
Filesystem                 Size  Used Avail Use% Mounted on
tmpfs                       77G  104K   77G   1% /dev/shm
tmpfs                       31G  9.8M   31G   1% /run
tmpfs                      5.0M     0  5.0M   0% /run/lock
tmpfs                      4.0M     0  4.0M   0% /sys/fs/cgroup
/dev/mapper/atomicos-root  150G  144G  5.8G  97% /sysroot
/dev/vda2                  483M   84M  400M  18% /boot
/dev/vdc                   1.2T   87G  1.1T   8% /sysroot/home/centos/external

We have a directory named /sysroot. If the envoy config file is the that directory, envoy can not start up.

[2024-06-04 22:28:35.581][3382724][critical][main] [source/server/server.cc:131] error initializing configuration 'configs/envoy.yaml': Invalid path: configs/envoy.yaml
[2024-06-04 22:28:35.581][3382724][info][main] [source/server/server.cc:972] exiting
Invalid path: configs/envoy.yaml

In my mind, envoy should only check the default system directory such as /dev /sys /proc as illegal path.
So it is better to use exact match instead of startwith match.

adisuissa
adisuissa reviewed Jun 5, 2024
View reviewed changes
Copy link
Contributor

@adisuissa adisuissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, left a high-level comment.

source/common/filesystem/posix/filesystem_impl.cc Outdated Show resolved Hide resolved
@adisuissa
Copy link
Contributor

/wait

@zhangbo1882
use exact match for illegal path check
1694fde 
Signed-off-by: Zhang Bo <bozhang@ebay.com>
@zhangbo1882
format fix
0666d4f 
Signed-off-by: Zhang Bo <bozhang@ebay.com>
@zhangbo1882
fix issues in comments and add more test case
d397624 
Signed-off-by: Zhang Bo <bozhang@ebay.com>
adisuissa
adisuissa reviewed Jun 6, 2024
View reviewed changes
Copy link
Contributor

@adisuissa adisuissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/assign-from @envoyproxy/senior-maintainers

source/common/filesystem/posix/filesystem_impl.cc Show resolved Hide resolved
@repokitteh-read-only RepoKitteh - Read Only
Copy link

@envoyproxy/senior-maintainers assignee is @phlax

🐱

Caused by: a #34539 (review) was submitted by @adisuissa.

see: more, trace.

@adisuissa
Copy link
Contributor

Assigning Harvey for a senior-maintainer pass.
/assign @htuch

Waiting for comment update.
/wait

@zhangbo1882
add comments
d028273 
Signed-off-by: Zhang Bo <bozhang@ebay.com>
@zhangbo1882
add comments
1922e60 
Signed-off-by: Zhang Bo <bozhang@ebay.com>
htuch
htuch reviewed Jun 7, 2024
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

htuch
htuch previously approved these changes Jun 7, 2024
View reviewed changes
@zhangbo1882
remove incorrect test cases
8413f16 
Signed-off-by: Zhang Bo <bozhang@ebay.com>
@zhangbo1882
Copy link
Contributor Author

zhangbo1882 commented Jun 7, 2024
edited
Loading

@htuch , I removed the test case I added in last commit. Because in the CI test environment, there is no /sysroot directory, so the function canonicalPath can not return a valid path so that /sysroot will always be considered as illegal, the test case will fail.

EXPECT_FALSE(file_system_.illegalPath("/sysroot/"));

In my local system, I have the /sysroot directory, the test case will pass.
I do not have any good ideas to add the test cases in CI environment except the following way

  const Api::SysCallStringResult canonical_path = canonicalPath("/sysroot");
  if (canonical_path.return_value_.empty()) {
    EXPECT_TRUE(file_system_.illegalPath("/sysroot")); 
  } else {
    EXPECT_FALSE(file_system_.illegalPath("/sysroot")); 
  }

But I do not think it is necessary to have above test code. What's your opinion?

@htuch
Copy link
Member

htuch commented Jun 12, 2024
edited
Loading

I think the whole test should move to a mock environment for filesystem impl, to avoid the CI machine dependency. This probably will save some grief in the future. We could leave one or two tests using the real /dev maybe, which should be standard, and mock the rest.

Concretely what this means here is that in the canonicalPath implementation, we shouldn't use ::realpath directly, but some variant in os_syscalls_impl.cc that can be mocked out by replacing the OS syscall singleton

@zhangbo1882
Copy link
Contributor Author

If we need to refactor the whole testing for filesystem impl, can we have another PR to do that?

@htuch
Copy link
Member

htuch commented Jun 13, 2024

@zhangbo1882 that's fine if you're willing to do that.

@zhangbo1882
Copy link
Contributor Author

I will try my best to do that. Do we need to create a issue for that ?

htuch
htuch approved these changes Jun 14, 2024
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, LGTM providing there is some test followup.

@htuch htuch merged commit bd5a73e into envoyproxy:main Jun 14, 2024
52 checks passed
Nealsoni00 pushed a commit to Nealsoni00/envoy that referenced this pull request Jun 18, 2024
@zhangbo1882 @Nealsoni00
use exact match for illegal path check (envoyproxy#34539)
07d945a 
In our environment, the file system directory is as follows:

Tue Jun 04 22:28:35][envoyproxy#48# ]$df -h
Filesystem                 Size  Used Avail Use% Mounted on
tmpfs                       77G  104K   77G   1% /dev/shm
tmpfs                       31G  9.8M   31G   1% /run
tmpfs                      5.0M     0  5.0M   0% /run/lock
tmpfs                      4.0M     0  4.0M   0% /sys/fs/cgroup
/dev/mapper/atomicos-root  150G  144G  5.8G  97% /sysroot
/dev/vda2                  483M   84M  400M  18% /boot
/dev/vdc                   1.2T   87G  1.1T   8% /sysroot/home/centos/external

We have a directory named /sysroot. If the envoy config file is the that directory, envoy can not start up.

[2024-06-04 22:28:35.581][3382724][critical][main] [source/server/server.cc:131] error initializing configuration 'configs/envoy.yaml': Invalid path: configs/envoy.yaml
[2024-06-04 22:28:35.581][3382724][info][main] [source/server/server.cc:972] exiting
Invalid path: configs/envoy.yaml

In my mind, envoy should only check the default system directory such as /dev /sys /proc as illegal path.
So it is better to use exact match instead of startwith match.

Signed-off-by: Zhang Bo <bozhang@ebay.com>
Signed-off-by: Neal Soni <Nealsoni00@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@htuch htuch htuch approved these changes

@adisuissa adisuissa Awaiting requested review from adisuissa

Assignees

@htuch htuch

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zhangbo1882 @adisuissa @htuch @phlax