
Item11401: Insecure dependency in SEARCH with expandvariables="on"

Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: DirectedGraphPlugin
Branches: trunk
Reported By: TarekUnger
Waiting For:
Last Change By: GeorgeClark
After updating to Perl 5.14.2 from 5.12.3 and Foswiki 1.1.4 from 1.1.3:

Testcase:

TestTopicX:
<dot>
digraph G{
a -> b
}
</dot>

TestTopicX2:
%SEARCH{
   "TestTopicX"
   type="keyword"
   scope="topic"
   order="topic"
   zeroresults="on"
   expandvariables="on"
}%

Result:
Die Suche konnte nicht durchgeführt werden. Fehler: Insecure dependency in open while running with -T switch at /home/foswiki/perl/lib/5.14.2/i686-linux-thread-multi/Storable.pm line 250. at /home/foswiki/perl/lib/5.14.2/i686-linux-thread-multi/Storable.pm line 250
Storable::_store('CODE(0x8d473c8)', 'HASH(0x8dbd218)', '/var/www/foswiki_cgitest/working/work_areas/DirectedGraphPlug...', 0) called at /home/foswiki/perl/lib/5.14.2/i686-linux-thread-multi/Storable.pm line 201
Storable::store('HASH(0x8dbd218)', '/var/www/foswiki_cgitest/working/work_areas/DirectedGraphPlug...') called at /var/www/foswiki_cgitest/lib/Foswiki/Plugins/DirectedGraphPlugin.pm line 1146
Foswiki::Plugins::DirectedGraphPlugin::wrapupTagsHandler() called at /var/www/foswiki_cgitest/lib/Foswiki/Plugins/DirectedGraphPlugin.pm line 361
Foswiki::Plugins::DirectedGraphPlugin::commonTagsHandler('\x{a}<img src="/foswiki_cgitest/pub/Sandbox/TestTopic...', 'TestTopic7', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x90a9d70)') called at /var/www/foswiki_cgitest/lib/Foswiki/Plugin.pm line 287
Foswiki::Plugin::invoke('Foswiki::Plugin=HASH(0x8d113b8)', 'commonTagsHandler', '\x{a}<img src="/foswiki_cgitest/pub/Sandbox/TestTopic...', 'TestTopic7', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x90a9d70)') called at /var/www/foswiki_cgitest/lib/Foswiki/Plugins.pm line 331
Foswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x87a5648)', 'commonTagsHandler', '\x{a}<img src="/foswiki_cgitest/pub/Sandbox/TestTopic...', 'TestTopic7', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x90a9d70)') called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 3258
Foswiki::expandMacros('Foswiki=HASH(0x874d388)', 'DirectedGraph Error (25):
*DirectedGraphPlugin error:* 
Error: /var/www/foswiki_cgitest/working/tmp/DiGraphPluginGmHw7FbAGN.dot:0: syntax error near line 0
01: context:  >>> \ <<< x{a}digraph G{\x{a}a -> b\x{a}}\x{a}Problem executing dot: 'dot  /var/www/foswiki_cgitest/working/tmp/DiGraphPluginGmHw7FbAGN.dot -Tpng -o/var/www/foswiki_cgitest/working/tmp/DGPXdssFtRYpd.png  2> /var/www/foswiki_cgitest/working/tmp/DiGraphPluginGmHw7FbAGN.dot.err ', got:
02: dot exited with rc=1
03:  
\x{a}', 'Foswiki::Meta=HASH(0x90a9d70)') called at /var/www/foswiki_cgitest/lib/Foswiki/Meta.pm line 3129
Foswiki::Meta::expandMacros('Foswiki::Meta=HASH(0x90a9d70)', 'DirectedGraph Error (25):
*DirectedGraphPlugin error:* 
Error: /var/www/foswiki_cgitest/working/tmp/DiGraphPluginhl7HL0Pw5t.dot:0: syntax error near line 0
01: context:  >>> \ <<< x{a}digraph G{\x{a}a -> b\x{a}}\x{a}Problem executing dot: 'dot  /var/www/foswiki_cgitest/working/tmp/DiGraphPluginhl7HL0Pw5t.dot -Tpng -o/var/www/foswiki_cgitest/working/tmp/DGPw3eAMz3Wp1.png  2> /var/www/foswiki_cgitest/working/tmp/DiGraphPluginhl7HL0Pw5t.dot.err ', got:
02: dot exited with rc=1
03:  
\x{a}') called at /var/www/foswiki_cgitest/lib/Foswiki/Search.pm line 757
Foswiki::Search::formatResults('Foswiki::Search=HASH(0x93beb70)', 'Foswiki::Search::Node=HASH(0x94606b8)', 'Foswiki::Search::ResultSet=HASH(0x94605a8)', 'HASH(0x9414448)') called at /var/www/foswiki_cgitest/lib/Foswiki/Search.pm line 407
Foswiki::Search::searchWeb('Foswiki::Search=HASH(0x93beb70)', 'search', 'TestTopic7', 'basetopic', 'TestTopic8', 'expandvariables', 'on', '_RAW', '\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} order=...', ...) called at /var/www/foswiki_cgitest/lib/Foswiki/Macros/SEARCH.pm line 32
Foswiki::__ANON__() called at /var/www/foswiki_cgitest/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/foswiki_cgitest/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x93bc9b8)', 'HASH(0x93beaf0)') called at /var/www/foswiki_cgitest/lib/Foswiki/Macros/SEARCH.pm line 41
Foswiki::SEARCH('Foswiki=HASH(0x874d388)', 'Foswiki::Attrs=HASH(0x93be490)', 'Foswiki::Meta=HASH(0x8e08e50)') called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 3071
Foswiki::_expandMacroOnTopicRendering('Foswiki=HASH(0x874d388)', 'SEARCH', '\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} order=...', 'Foswiki::Meta=HASH(0x8e08e50)') called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 2947
Foswiki::_processMacros('Foswiki=HASH(0x874d388)', '%SEARCH{\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} ...', 'CODE(0x8701e48)', 'Foswiki::Meta=HASH(0x8e08e50)', 16) called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 2744
Foswiki::innerExpandMacros('Foswiki=HASH(0x874d388)', 'SCALAR(0x870cea0)', 'Foswiki::Meta=HASH(0x8e08e50)') called at /var/www/foswiki_cgitest/lib/Foswiki.pm line 3253
Foswiki::expandMacros('Foswiki=HASH(0x874d388)', '%SEARCH{\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} ...', 'Foswiki::Meta=HASH(0x8e08e50)') called at /var/www/foswiki_cgitest/lib/Foswiki/Meta.pm line 3129
Foswiki::Meta::expandMacros('Foswiki::Meta=HASH(0x8e08e50)', '%SEARCH{\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} ...') called at /var/www/foswiki_cgitest/lib/Foswiki/UI/View.pm line 402
Foswiki::UI::View::_prepare('%SEARCH{\x{a} "TestTopic7"\x{a} type="keyword"\x{a} scope="topic"\x{a} ...', 'Foswiki::Meta=HASH(0x8e08e50)', 0) called at /var/www/foswiki_cgitest/lib/Foswiki/UI/View.pm line 382
Foswiki::UI::View::view('Foswiki=HASH(0x874d388)') called at /var/www/foswiki_cgitest/lib/Foswiki/UI.pm line 316
Foswiki::UI::__ANON__() called at /var/www/foswiki_cgitest/lib/CPAN/lib/Error.pm line 379
eval {...} called at /var/www/foswiki_cgitest/lib/CPAN/lib/Error.pm line 371
Error::subs::try('CODE(0x8197858)', 'HASH(0x874d0c8)') called at /var/www/foswiki_cgitest/lib/Foswiki/UI.pm line 435
Foswiki::UI::_execute('Foswiki::Request=HASH(0x874bd20)', 'CODE(0x8320f78)', 'view', 1) called at /var/www/foswiki_cgitest/lib/Foswiki/UI.pm line 274
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x874bd20)') called at /var/www/foswiki_cgitest/lib/Foswiki/Engine/CGI.pm line 41
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x83c5468)') called

When I look in the source and add a few lines, I get the following debug:

lines:
--- new  2.pl   Mon Jan 02 09:33:58 2012
+++ new  3.txt  Mon Jan 02 09:33:56 2012
@@ -1137,6 +1137,12 @@
         _writeDebug('     -- newHashRef existed in session - writing out ');
         %newHash = %{$newHashRef};
         my $workAreaDir = Foswiki::Func::getWorkArea('DirectedGraphPlugin');
+       use Scalar::Util qw( tainted );
+
+       print STDERR "workArea: " . tainted( $workAreaDir ) . "\n";
+       print STDERR "usWeb: " . tainted( $usWeb ) . "\n";
+       print STDERR "topic: " . tainted( $topic ) . "\n";
+
         store \%newHash, "$workAreaDir/${usWeb}_${topic}-filehash";

         if ( $newHash{SET} ) {    # dot tags have been processed
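
Review bot: the three `print STDERR` lines added before `store` are unconditional and write to the web server error log on every call; route them through `_writeDebug`, which the context line above already uses, or drop them before this goes in. The `use Scalar::Util qw( tainted );` placed inside the block is still processed at compile time, so it reads more clearly at the top of the module with the other imports.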

/var/log/apache2/error.log:
workArea: 0
usWeb: 1
topic: 1

When I view TestTopicX normally, I don't get any errors and the variables aren't tainted.

As a workaround I untaint manually:

@@ -1137,6 +1137,10 @@
         _writeDebug('     -- newHashRef existed in session - writing out ');
         %newHash = %{$newHashRef};
         my $workAreaDir = Foswiki::Func::getWorkArea('DirectedGraphPlugin');
+
+               $usWeb = ( $usWeb =~ /^(.*)$/ )[0];
+               $topic = ( $topic =~ /^(.*)$/ )[0];
+
         store \%newHash, "$workAreaDir/${usWeb}_${topic}-filehash";

         if ( $newHash{SET} ) {    # dot tags have been processed
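
Review bot: the pattern `/^(.*)$/` on the two added lines accepts any single-line value, so it clears the taint flag on `$usWeb` and `$topic` without checking their content before they are interpolated into the path passed to `store`. Match against the characters a web or topic name is allowed to contain instead, and handle the no-match case explicitly, since the list slice yields undef when the pattern fails (for example on a value with an embedded newline). The added lines are also indented deeper than the surrounding context.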

-- TarekUnger - 02 Jan 2012
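
The taint failure reported above and a validating alternative to the catch-all untaint, as an added example that is not DirectedGraphPlugin or Foswiki code. The helper names untaint_name and untaint_any, the allowed-character policy, the sample values and the temporary directory standing in for the plugin work area are all assumptions made for illustration.

```perl
# Added example, not part of the plugin. Run as: perl -T example.pl
use strict;
use warnings;
use Scalar::Util qw( tainted );
use File::Temp qw( tempdir );
use Storable qw( store );

die "run with: perl -T $0\n" unless ${^TAINT};

# Hypothetical helper. Assumed policy: a name component used in a file
# name is letters, digits and underscore only, checked over the whole string.
sub untaint_name {
    my ($value) = @_;
    return ( defined $value && $value =~ /\A([A-Za-z0-9_]+)\z/ ) ? $1 : undef;
}

# Hypothetical helper using the workaround's pattern: clears the taint
# flag but accepts any single-line content.
sub untaint_any {
    my ($value) = @_;
    return ( $value =~ /^(.*)$/ )[0];
}

# A zero-length slice of a tainted value is itself tainted, and taint
# spreads to anything concatenated with it.
my $taint = substr( $0 . $^X, 0, 0 );
die "no taint source available\n" unless tainted($taint);

my $dir  = tempdir( CLEANUP => 1 );    # stands in for the work area
my %hash = ( SET => 1 );

# Constructed inputs standing in for $usWeb and $topic.
my ( $web, $topic ) = ( 'Sandbox' . $taint, 'TestTopic7' . $taint );

# 1. Tainted names in the path: store() is refused, as in the report.
eval { store \%hash, "$dir/${web}_${topic}-filehash"; 1 };
print "tainted path:   ", ( $@ =~ /Insecure dependency/ ? "refused" : "allowed" ), "\n";

# 2. Validated names: taint is cleared only because the content was checked.
my ( $w, $t ) = map { untaint_name($_) } $web, $topic;
store \%hash, "$dir/${w}_${t}-filehash";
print "validated path: stored, tainted=", ( tainted("$w$t") ? 1 : 0 ), "\n";

# 3. Both untainters on a constructed name that contains path separators.
my $odd = '../Other' . $taint;
printf "catch-all:  tainted=%d value=%s\n", tainted( untaint_any($odd) ) ? 1 : 0, untaint_any($odd);
printf "validating: %s\n", defined untaint_name($odd) ? "accepted" : "rejected";
```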

 
Topic revision: r3 - 21 Dec 2013, GeorgeClark
