grim/hgkeeper

Deny invalid path

13 months ago, aklitzing
5a19892df841
Deny invalid path

If an authenticated user calls `hg init hg.host.com/dummy/../../../etc`,
hgkeeper will create the repository in a directory outside the intended root
if the hgkeeper process has permission to do so.
This could be used to attack the server.

The hgkeeper admin repository can also be overridden this way:
`hg init ssh://hg.host.com/dummy/../hgkeeper/keys`

Reviewed at https://reviews.imfreedom.org/r/2422/
package main
import (
"os"
"github.com/alecthomas/kong"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"keep.imfreedom.org/grim/hgkeeper/authorized_keys"
"keep.imfreedom.org/grim/hgkeeper/globals"
"keep.imfreedom.org/grim/hgkeeper/hg"
"keep.imfreedom.org/grim/hgkeeper/once"
"keep.imfreedom.org/grim/hgkeeper/serve"
"keep.imfreedom.org/grim/hgkeeper/setup"
"keep.imfreedom.org/grim/hgkeeper/version"
)
// commands is the root of the command-line interface that kong parses in main.
// It embeds globals.Globals and declares one field per subcommand; the kong
// tag on each field marks it as a command and carries its help text.
type commands struct {
	globals.Globals

	// AuthorizedKeys is the authorized keys subcommand.
	AuthorizedKeys authorized_keys.Command `kong:"cmd,help='output an sshd authorized keys file'"`

	// Once is the single-transaction subcommand, used behind a system ssh server.
	Once once.Command `kong:"cmd,help='run hgkeeper for one transaction. This is used when integrating with a system ssh server'"`

	// Serve is the subcommand that runs hgkeeper's own ssh server.
	Serve serve.Command `kong:"cmd,help='run the ssh server'"`

	// Setup is the initial setup subcommand.
	Setup setup.Command `kong:"cmd,help='inital setup for the server'"`

	// Version is the subcommand that prints the version.
	Version version.Command `kong:"cmd,help='display the version and exit'"`
}
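// initLogging builds a console-encoded zap logger and installs it as the
// process-wide logger with zap.ReplaceGlobals.
//
// Level names are colourised unless TERM is "win" or "dumb". Log entries are
// written to stdout and zap's internal errors to stderr. If the logger cannot
// be built, the error is reported on stderr and the process exits with
// status 1 rather than continuing without a logger.
func initLogging() {
	levelEncoder := zapcore.CapitalColorLevelEncoder

	switch os.Getenv("TERM") {
	case "win", "dumb":
		// These terminals get plain level names instead of colour codes.
		levelEncoder = zapcore.CapitalLevelEncoder
	}

	// NOTE(review): the level is fixed at Debug. Confirm that the debug output
	// of the ssh server contains nothing that should stay out of stdout.
	logger, err := zap.Config{
		Encoding:         "console",
		Level:            zap.NewAtomicLevelAt(zapcore.DebugLevel),
		OutputPaths:      []string{"stdout"},
		ErrorOutputPaths: []string{"stderr"},
		EncoderConfig: zapcore.EncoderConfig{
			MessageKey:  "message",
			LevelKey:    "level",
			EncodeLevel: levelEncoder,
			TimeKey:     "time",
			EncodeTime:  zapcore.ISO8601TimeEncoder,
		},
	}.Build()
	if err != nil {
		// The build error used to be discarded, and the nil logger was then
		// passed to Sync and ReplaceGlobals. Fail with a readable message
		// instead, so the server never starts without its log.
		_, _ = os.Stderr.WriteString("hgkeeper: building logger: " + err.Error() + "\n")
		os.Exit(1)
	}

	zap.ReplaceGlobals(logger)

	// Kept from the original deferred call: it runs as initLogging returns,
	// so it does not flush anything logged later.
	// NOTE(review): a flush at shutdown would need a Sync call in the caller.
	_ = logger.Sync()
}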
// main parses the command line with kong, sets up logging when the selected
// command is "serve", hands the configured hg executable to hg.SetExe and
// then runs the selected command. An error from either of the last two steps
// is passed to kong's FatalIfErrorf.
func main() {
	var cli commands

	kctx := kong.Parse(&cli)

	// Only the serve command installs the zap logger; the other commands run
	// with whatever zap's global logger is by default.
	if kctx.Command() == "serve" {
		initLogging()
	}

	// FatalIfErrorf does nothing for a nil error, so the result of each step
	// can be passed to it directly.
	kctx.FatalIfErrorf(hg.SetExe(cli.Globals.HgExecutable))
	kctx.FatalIfErrorf(kctx.Run(&cli.Globals))
}