This repository was archived by the owner on Jul 7, 2025. It is now read-only.

@bajtos bajtos commented Apr 15, 2025

We must not leak the filesystem structure when the code is running inside a sandboxed environment. The Checker App files are usually in the user's home directory. The full path includes the username, which is sensitive information we should not leak to untrusted modules. The modules should have access only to the path relative to the project (module) root.

Before:

file:///Users/bajtos/Library/Caches/app.filstation.desktop/sources/spark/main.js

After:

file:///ZINNIA/main.js

I discovered this issue while working on #735

Parent issue:

bajtos added 8 commits April 15, 2025 14:35
We must not leak the filesystem structure when the code is running
inside a sandboxed environment. Only path relative to the project root
should be available to the module.

Signed-off-by: Miroslav Bajtoš <[email protected]>
@bajtos bajtos changed the title from "fix: source code paths relative to module root" to "fix: do not leak username to untrusted modules" Apr 17, 2025
@bajtos bajtos marked this pull request as ready for review April 17, 2025 09:10
@bajtos bajtos requested a review from juliangruber April 17, 2025 09:10
@juliangruber juliangruber left a comment

Idea sounds great to me, I'll step back in favor of Nikolas' review here

@bajtos bajtos requested a review from NikolasHaimerl April 22, 2025 16:17
@bajtos bajtos merged commit 0419b15 into main Apr 23, 2025
16 checks passed
@bajtos bajtos deleted the relative-module-paths branch April 23, 2025 07:29
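
The path mapping described in the pull request description, as an added example that is not the code merged in this pull request. The `file:///ZINNIA/` prefix and the sample host path come from the description; the function names `to_virtual_url`, `to_real_path` and `is_safe_segment` and the restriction to plain ASCII file names are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

// Virtual root visible to sandboxed modules (prefix from the PR description).
const VIRTUAL_ROOT: &str = "file:///ZINNIA/";

// Assumption: accept only plain names, so no segment needs percent-encoding
// and no segment can traverse out of the module root.
fn is_safe_segment(s: &str) -> bool {
    !s.is_empty() && s != "." && s != ".."
        && s.chars().all(|c| c.is_ascii_alphanumeric() || "-_.".contains(c))
}

/// Host path -> URL shown to the module. None if `real` is outside `module_root`.
fn to_virtual_url(module_root: &Path, real: &Path) -> Option<String> {
    let rel = real.strip_prefix(module_root).ok()?;
    let mut segments: Vec<&str> = Vec::new();
    for component in rel.components() {
        let name = match component {
            Component::Normal(s) => s.to_str()?,
            // `..`, a root or a drive prefix would point outside the module root.
            _ => return None,
        };
        if !is_safe_segment(name) {
            return None;
        }
        segments.push(name);
    }
    if segments.is_empty() {
        return None; // the root directory itself is not a module file
    }
    Some(format!("{}{}", VIRTUAL_ROOT, segments.join("/")))
}

/// Virtual URL -> host path, for the loader. None for URLs outside the virtual root.
fn to_real_path(module_root: &Path, url: &str) -> Option<PathBuf> {
    let rel = url.strip_prefix(VIRTUAL_ROOT)?;
    let mut real = module_root.to_path_buf();
    for segment in rel.split('/') {
        if !is_safe_segment(segment) {
            return None; // rejects "..", empty segments and odd characters
        }
        real.push(segment);
    }
    Some(real)
}

fn main() {
    // Sample root taken from the "Before" path in the PR description.
    let root = Path::new("/Users/bajtos/Library/Caches/app.filstation.desktop/sources/spark");
    println!("{:?}", to_virtual_url(root, &root.join("main.js")));
}
```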