Enforce sandbox for include

rust-lang · Apr 26, 2018 · dc1ed74 · dc1ed74
1 parent f78f462
commit dc1ed74
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 4 deletions.
diff --git a/src/libsyntax/ext/source_util.rs b/src/libsyntax/ext/source_util.rs
@@ -21,7 +21,6 @@ use symbol::Symbol;
 use tokenstream;
 use util::small_vector::SmallVector;
 
-use std::fs::File;
 use std::io::prelude::*;
 use std::path::PathBuf;
 use rustc_data_structures::sync::Lrc;
@@ -99,7 +98,18 @@ pub fn expand_include<'cx>(cx: &'cx mut ExtCtxt, sp: Span, tts: &[tokenstream::T
         None => return DummyResult::expr(sp),
     };
     // The file will be added to the code map by the parser
-    let path = res_rel_file(cx, sp, file);
+    let path = res_rel_file(cx, sp, file.clone());
+    let env_sb = cx.parse_sess().env_sandbox();
+    let path = match env_sb.path_lookup(&path) {
+        Ok(path) => path,
+        Err(e) => {
+            cx.span_err(sp,
+                &format!("couldn't read {}: {}",
+                        file,
+                        e));
+            return DummyResult::expr(sp);
+        }
+    };
     let directory_ownership = DirectoryOwnership::Owned { relative: None };
     let p = parse::new_sub_parser_from_file(cx.parse_sess(), &path, directory_ownership, None, sp);
 
@@ -136,9 +146,10 @@ pub fn expand_include_str(cx: &mut ExtCtxt, sp: Span, tts: &[tokenstream::TokenT
         Some(f) => f,
         None => return DummyResult::expr(sp)
     };
+    let env_sb = cx.parse_sess().env_sandbox();
     let file = res_rel_file(cx, sp, file);
     let mut bytes = Vec::new();
-    match File::open(&file).and_then(|mut f| f.read_to_end(&mut bytes)) {
+    match env_sb.path_open(&file).and_then(|mut f| f.read_to_end(&mut bytes)) {
         Ok(..) => {}
         Err(e) => {
             cx.span_err(sp,
@@ -171,9 +182,10 @@ pub fn expand_include_bytes(cx: &mut ExtCtxt, sp: Span, tts: &[tokenstream::Toke
         Some(f) => f,
         None => return DummyResult::expr(sp)
     };
+    let env_sb = cx.parse_sess().env_sandbox();
     let file = res_rel_file(cx, sp, file);
     let mut bytes = Vec::new();
-    match File::open(&file).and_then(|mut f| f.read_to_end(&mut bytes)) {
+    match env_sb.path_open(&file).and_then(|mut f| f.read_to_end(&mut bytes)) {
         Err(e) => {
             cx.span_err(sp,
                         &format!("couldn't read {}: {}", file.display(), e));

diff --git a/src/test/compile-fail/sb-fixtures/a/a.in b/src/test/compile-fail/sb-fixtures/a/a.in
@@ -0,0 +1 @@
+File A
diff --git a/src/test/compile-fail/sb-fixtures/b/b.in b/src/test/compile-fail/sb-fixtures/b/b.in
@@ -0,0 +1 @@
+File B
diff --git a/src/test/compile-fail/sb-inc-limit.rs b/src/test/compile-fail/sb-inc-limit.rs
@@ -0,0 +1,17 @@
+// Copyright 2017 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+// Test to see how file sandboxing is working. This blocks all includes.
+// compile-flags:--include-prefix {{src-base}}/sb-fixtures/a
+
+fn main() {
+    let _ = include_str!("sb-fixtures/a/a.in");
+    let _ = include_str!("sb-fixtures/b/b.in"); //~ERROR: path does not have a valid prefix
+}
diff --git a/src/test/compile-fail/sb-inc-none.rs b/src/test/compile-fail/sb-inc-none.rs
@@ -0,0 +1,27 @@
+// Copyright 2017 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+// Test to see how file sandboxing is working. This blocks all includes.
+// compile-flags:--clear-include-prefixes
+// revisions: include include_str include_bytes
+
+fn main() {
+    #[cfg(include)]
+    include!("sb-fixtures/a/a.in");
+    //[include]~^ERROR path does not have a valid prefix
+
+    #[cfg(include_str)]
+    let _ = include_str!("sb-fixtures/a/a.in");
+    //[include_str]~^ERROR path does not have a valid prefix
+
+    #[cfg(include_bytes)]
+    let _ = include_bytes!("sb-fixtures/a/a.in");
+    //[include_bytes]~^ERROR path does not have a valid prefix
+}
diff --git a/src/test/run-pass/sb-fixtures/a/a.in b/src/test/run-pass/sb-fixtures/a/a.in
@@ -0,0 +1 @@
+File A
diff --git a/src/test/run-pass/sb-fixtures/b/b.in b/src/test/run-pass/sb-fixtures/b/b.in
@@ -0,0 +1 @@
+File B
diff --git a/src/test/run-pass/sb-inc.rs b/src/test/run-pass/sb-inc.rs
@@ -0,0 +1,18 @@
+// Copyright 2017 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+// Test to see how environment sandboxing is working
+// compile-flags:--include-prefix {{src-base}}/sb-fixtures/a
+// compile-flags:--include-prefix {{src-base}}/sb-fixtures/b/b.in
+
+fn main() {
+    assert_eq!(include_str!("sb-fixtures/a/a.in"), "File A\n");
+    assert_eq!(include_str!("sb-fixtures/b/b.in"), "File B\n");
+}