Fix arbitrary file read vulnerability in CodingController and SourceController#219
…roller and SourceController Co-authored-by: jankapunkt <[email protected]>
…ation security Co-authored-by: jankapunkt <[email protected]>
Just as a heads up, I was blocked by some firewall rules while working on your feedback. I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
@copilot you forgot to update the tests in tests/Feature/SourceControllerTest.php as they now throw an error: Failed asserting that an array has the subset Array &0 [
at tests/Feature/SourceControllerTest.php:190
…dation Co-authored-by: jankapunkt <[email protected]>
Fixed in commit 7233410. The
* ci: add npm audit for production deps to ci
* build(deps): fix known production vulnerabilities / npm audit fix
* fix(backend/ui): Coding page displays empty page when no source was selected
* feature: team invitation email to join the team
* feature: use .env to configure invitation or direct adding team members
* fix: added tests and guard clauses
* fix(tests): update edge cases in tests
* fix(tests): fix test error
* fix: tests fixed
* fix: update tests
* tests: stub env for other tests in InviteTeamMemberTest
* fix: use correct assertion
* fix: invitation tests
* fix: tests
* fix(tests): run local tests with laravel sail
* fix: laravel pint fix
* Fix arbitrary file read vulnerability in CodingController and SourceController (#219)
  * Initial plan
  * fix: add path validation to prevent arbitrary file read in CodingController and SourceController
    Co-authored-by: jankapunkt <[email protected]>
  * refactor: extract validateStoragePath to trait and improve path validation security
    Co-authored-by: jankapunkt <[email protected]>
  * fix: create test file in test_update_source_content to pass path validation
    Co-authored-by: jankapunkt <[email protected]>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <[email protected]>
  Co-authored-by: jankapunkt <[email protected]>
---------
Co-authored-by: Copilot <[email protected]>
* validateStoragePath() extracted to a reusable ValidatesStoragePath trait
* str_starts_with() used instead of strpos() for clearer intent

Security Summary

The original code in CodingController.php and SourceController.php contained a potential arbitrary file read vulnerability where file_get_contents($source->converted->path) read a file path from database/model data without validation. An attacker who could influence the Source->converted->path value could potentially read sensitive server files.

Fix: Added ValidatesStoragePath trait with validateStoragePath() method that:
* uses realpath() to resolve the actual file path (handles symlinks and .. components)
* uses str_starts_with() with a trailing directory separator to ensure the path is strictly within the storage/app/projects directory
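The check described in the security summary, as an added PHP illustration that is not the project's own trait or controller code. The trait and method names come from the PR; the SourceReader class, its readUnsafe/readSafe methods, the base directory being passed in as a parameter, and the temporary-directory fixture are assumptions made here so the snippet runs stand-alone. It shows why both halves of the fix matter: realpath() collapses ".." and symlinks before comparison, and the trailing DIRECTORY_SEPARATOR on the prefix stops a sibling directory such as projects_evil from matching as a prefix of projects.

```php
<?php
// Added example, not the project's ValidatesStoragePath trait.
declare(strict_types=1);

trait ValidatesStoragePath
{
    /**
     * Return the resolved path if it lies strictly inside $baseDir, otherwise null.
     * Both sides are passed through realpath(), so symlinks and ".." segments
     * are resolved before the prefix comparison is made.
     */
    protected function validateStoragePath(string $path, string $baseDir): ?string
    {
        $base = realpath($baseDir);
        $real = realpath($path);
        if ($base === false || $real === false) {
            return null; // base directory missing, or the file does not exist
        }
        // Trailing separator: "/x/projects/" is not a prefix of "/x/projects_evil/f".
        $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        return str_starts_with($real, $prefix) ? $real : null;
    }
}

final class SourceReader // hypothetical consumer of the trait
{
    use ValidatesStoragePath;

    public function __construct(private string $baseDir) {}

    // Shape of the vulnerable code: the stored path is handed to file_get_contents() as-is.
    public function readUnsafe(string $storedPath): string|false
    {
        return file_get_contents($storedPath);
    }

    // Hardened shape: anything that does not resolve under the base directory is refused.
    public function readSafe(string $storedPath): string
    {
        $resolved = $this->validateStoragePath($storedPath, $this->baseDir);
        if ($resolved === null) {
            throw new RuntimeException('Path is outside the storage directory');
        }
        return (string) file_get_contents($resolved);
    }
}

// Constructed fixture: a temp dir standing in for storage/app/projects and its parent.
$root     = sys_get_temp_dir() . '/vsp_demo_' . bin2hex(random_bytes(4));
$projects = $root . '/projects';
mkdir($projects, 0700, true);
file_put_contents($projects . '/ok.txt', "inside\n");
file_put_contents($root . '/secret.txt', "outside\n");           // file that must stay unreadable
mkdir($root . '/projects_evil', 0700);                             // sibling sharing the name prefix
file_put_contents($root . '/projects_evil/x.txt', "sibling\n");
symlink($root . '/secret.txt', $projects . '/link.txt');           // symlink pointing out of the base

$reader = new SourceReader($projects);

$cases = [
    $projects . '/ok.txt',           // expected: ALLOW
    $projects . '/../secret.txt',    // expected: DENY (".." traversal)
    $projects . '/link.txt',         // expected: DENY (symlink resolves outside)
    $root . '/projects_evil/x.txt',  // expected: DENY (prefix collision)
];
foreach ($cases as $p) {
    try {
        printf("ALLOW %s -> %s", $p, $reader->readSafe($p));
    } catch (RuntimeException $e) {
        printf("DENY  %s (%s)\n", $p, $e->getMessage());
    }
}
```

Run with any PHP 8.0+ interpreter (str_starts_with() and constructor promotion need 8.0). A useful property to keep in the unit tests, as the PR's own test fix hints, is that the validated file must already exist: realpath() returns false for a path that does not exist yet, so a test that writes to a fresh path has to create the file first.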