Skip to content

Commit

Permalink
Fix for the Unauthorized File Access vulnerability [huntr]
Browse files Browse the repository at this point in the history
Fix for the Unauthorized File Access vulnerability. This fix prevents access to symlinks pointing to files outside of the project's base directory.

@mufeedvh on huntr.dev
  • Loading branch information
mufeedvh authored Feb 2, 2020
1 parent 56924b7 commit 51cfb24
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions lib/middleware.js
Original file line number Diff line number Diff line change
Expand Up @@ -517,6 +517,22 @@ exports.process = function(req, rsp, next){
/**
* Now we let terraform handle the asset pipeline.
*/

// checking if the source file being served is a symlink
fs.lstat(sourceFile, function(err, stats) {
if (stats.isSymbolicLink()) {
fs.readlink(sourceFile, function (err, symlinkTo) {
// forbidding access if the symlink points to a file outside of the project's base directory to prevent path traversal
var projectPath = path.dirname(require.main.filename) // full path of the project's main file
var symlinkPath = path.dirname(symlinkTo) // full path of the symlink
if (projectPath !== symlinkPath) {
var body = "403 Forbidden"
rsp.statusCode = 403
rsp.end(body)
}
});
}
});

req.poly.render(sourceFile, function(error, body){
if(error){
Expand Down

0 comments on commit 51cfb24

Please sign in to comment.