Restrict autoloaded paths to loaded apps (and other enhancements) #18839
Conversation
Allows symlinked app directories to work properly
RobinMcCorkell
force-pushed
the
autoloader-supersecure
branch
from
45af654
to
895e633
Compare
|
That's cool 👍 |
|
Oh, I've inadvertently fixed some other bugs too 🚀 Fixes #18224, fixes #18317, fixes #18836, fixes #18305, fixes #18296, fixes #18322, fixes #18329, fixes #18333, ........ (yes, I included the issues that were marked as duplicates of the original one, simply to show the impact of the bug). The line that fixes all those bugs is the move of |
|
nice 👍 please backport |
|
Looks goods 👍 |
|
CI hasn't run the full autotest suite, so I'm not merging just yet... |
Background jobs are tolerant of stale entries left by disabled apps, which will cause an autoload exception.
|
A new inspection was created. |
|
The latest commit makes the autoloader throw a unique exception class, which the background job runner catches to prevent stale jobs breaking things. |
Correct. Because loadApp is also called during app upgrade 🙈 |
|
Code looks good, fixes my issue and CI runs fine locally 👍 |
Restrict autoloaded paths to loaded apps (and other enhancements)
|
@Xenopathic - Last time I tried, loading the app did not work. At least it didn't bring routes up, but I'll try again to see if it solves this one. |
|
@nickvergessen when you see this on Monday, before you get too excited and revert immediately, I will be sending out a mailing list email to clarify the updated requirements, as soon as we find an appropriate solution with @oparoz |
|
I can confirm that loading the app in the boostrap still does nothing. I suspect a bug in the loader, unless someone can show me an app which loads (1. load the app 2. check the navigation menu). But adding this to the boostrap fixes the issue: It just doesn't make sense to have to whitelist the app being tested, but it's better than hundreds of failing tests ;). |
|
Apart from the problems, I do applaud the move to protect the system from dormant apps 👏 |
|
@oparoz Well, for unit tests that line will work just fine, but you realise it doesn't work as expected? All paths are relative to the OC::$SERVERROOT, so you basically just disabled the autoloader verification for everything 😆 |
|
Arf, yes... Missing |
|
LoadApp() works, but there is a problem with loadApps() #18863 |
Sorry @Xenopathic but this is 💩 So the now required code for the bootstrap.php is: \OC::$loader->addValidRoot(OC::$SERVERROOT . '/tests');
\OC_App::loadApp('<app name here>'); |
|
@nickvergessen Actually, I was wondering why we only load a minimal set of apps in bootstrap.php: https://github.com/owncloud/core/blob/master/tests/bootstrap.php#L14-L15. We should be loading all enabled apps, which would prevent these issues? |
|
I'm not using that bootstrap file.... |
|
OK, so the consensus is that we should explicitly require that the app (and any dependencies of that app) are loaded with |
|
@Xenopathic - The boostrap still works when I remove |
Yep. The root is added on appLoad() |
|
@MorrisJobke - OK, there may be a bug then: |
|
@MorrisJobke - In Gallery, |
* same as #18839 for legacy jobs * avoids spamming the log with useless entries
* same as #18839 for legacy jobs * avoids spamming the log with useless entries
* same as #18839 for legacy jobs * avoids spamming the log with useless entries
Unloaded apps (aka not enabled apps) will not get any files autoloaded anymore, which can prevent an unloaded app becoming an attack vector if it is not regularly updated.
In addition, the autoloader will properly resolve symlinked app directories, to allow for a semi-common usecase where apps are stored elsewhere but are symlinked into the ownCloud directory. Fixes issues as noted in #18396 (comment)
@fossxplorer want to test this out with your symlinked apps?
cc @icewind1991 @MorrisJobke @PVince81 @LukasReschke