From a7b20e4105a580f5d852edfa9aa35d69aaabe877 Mon Sep 17 00:00:00 2001
From: Arkadiusz Biel
Date: Fri, 6 Nov 2020 10:09:09 +0000
Subject: [PATCH] fix unsecure path

---
 .../Options/OptionsWebConfigReader.cs | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/Our.ModelsBuilder/Options/OptionsWebConfigReader.cs b/src/Our.ModelsBuilder/Options/OptionsWebConfigReader.cs
index 9b2b5d03..ff085979 100644
--- a/src/Our.ModelsBuilder/Options/OptionsWebConfigReader.cs
+++ b/src/Our.ModelsBuilder/Options/OptionsWebConfigReader.cs
@@ -41,6 +41,7 @@ public static void ConfigureOptions(ModelsBuilderOptions options)
 var directory = GetSetting("ModelsDirectory", "");
 if (string.IsNullOrWhiteSpace(directory))
 {
+
 options.ModelsDirectory = HostingEnvironment.IsHosted
 ? HostingEnvironment.MapPath(options.ModelsDirectory)
 : options.ModelsDirectory.TrimStart("~/");
@@ -161,8 +162,15 @@ internal static string GetModelsDirectory(string root, string config, bool accep
 if (config.StartsWith("~/"))
 {
+ var isOutside = config.StartsWith("~/..");
+ if (isOutside && !acceptUnsafe)
+ throw new ConfigurationErrorsException($"Invalid models directory \"{config}\".");
+
+ var path = isOutside
+ ? Path.GetFullPath(Path.Combine(HostingEnvironment.MapPath("~/") + config.TrimStart("~/")))
+ : HostingEnvironment.MapPath(config);
 var dir = HostingEnvironment.IsHosted
- ? HostingEnvironment.MapPath(config)
+ ? path
 : Path.Combine(root, config.TrimStart("~/"));
 if (dir == null) throw new Exception("panic");
@@ -171,11 +179,7 @@ internal static string GetModelsDirectory(string root, string config, bool accep
 // segments in path, eg '../../foo.tmp' - it may throw a SecurityException
 // if the combined path reaches illegal parts of the filesystem
 dir = Path.GetFullPath(dir);
- root = Path.GetFullPath(root);
-
- if (!dir.StartsWith(root) && !acceptUnsafe)
- throw new ConfigurationErrorsException($"Invalid models directory \"{config}\".");
-
 return dir;
 }
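Review bot: In the second hunk the containment check of GetModelsDirectory becomes a raw prefix test on the configured string (`config.StartsWith("~/..")`), which is false for a value that only leaves the root after a valid segment (a constructed example: `~/foo/../../bar`), while the third hunk removes the canonical `dir.StartsWith(root)` comparison that ran after `Path.GetFullPath` and used to catch exactly that case — in the non-hosted branch such a directory now appears to be returned even with `acceptUnsafe == false`. In the hosted branch `HostingEnvironment.MapPath` may refuse it, but then with its own exception rather than the ConfigurationErrorsException the existing message promises, and the new `path` expression is evaluated before `IsHosted` is consulted, so MapPath is now called in the non-hosted case too. I would keep the prefix test as the fast path and restore the canonical comparison after `dir = Path.GetFullPath(dir);`, with an explicit StringComparison and a separator-bounded prefix so a sibling directory whose name merely starts with the root's name does not pass (this assumes `root` is the same root the removed check compared against). Separately, `Path.Combine` in the `isOutside` branch receives a single concatenated string and so does nothing; `Path.Combine(HostingEnvironment.MapPath("~/"), config.TrimStart("~/"))` is presumably what was intended. GetModelsDirectory starts and ends outside both hunks.
```csharp
                dir = Path.GetFullPath(dir);
                // Canonical containment check, independent of how the value was spelled in config:
                // compare the resolved directory against the resolved root on a separator boundary.
                var fullRoot = Path.GetFullPath(root).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar);
                var isContained = string.Equals(dir, fullRoot, StringComparison.OrdinalIgnoreCase)
                    || dir.StartsWith(fullRoot + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase);
                if (!isContained && !acceptUnsafe)
                    throw new ConfigurationErrorsException($"Invalid models directory \"{config}\".");
                return dir;
```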