fix(run): harden input-file staging per gadfly #18 validation pass
executus CI / test (pull_request) Successful in 48s
executus CI / test (pull_request) Successful in 48s
Second-pass findings on the security fix: - Mime sanitized ONCE and passed to BOTH StageInputFile and the descriptor (was passing raw f.MimeType to the host store while only the descriptor sanitized) — 3 models. - sanitizeField now also strips Unicode format chars (category Cf, incl. the bidi overrides U+202A–U+202E that can reorder how the descriptor renders); IsControl already covers \n\r\t so the explicit checks are dropped. - fileID is sanitized before inlining + an empty file_id drops the file (defense vs a misbehaving stager). - humanizeBytes clamps the prefix index so an absurd size (≥1024^6) can't index past "KMGTPE" and panic — a no-panic guarantee independent of the per-file cap. - Docs sync: README Ports list gains InputFiles; tool.InputFile.Name doc now says the executor reduces an untrusted name to a safe base name (was claiming the field is already safe). Tests: bidi/control stripping; mime sanitized in staged value + descriptor; empty file_id drop; humanizeBytes no-panic across sizes up to 1<<62. Suite green (-race). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -186,3 +186,58 @@ func TestStageInputFilesSanitizesTraversal(t *testing.T) {
|
||||
t.Errorf("descriptor leaked the traversal path:\n%s", out)
|
||||
}
|
||||
}
|
||||
|
||||
// TestSanitizeFieldStripsBidiAndControl: control chars AND Unicode format/bidi
|
||||
// overrides are removed from inlined values.
|
||||
func TestSanitizeFieldStripsBidiAndControl(t *testing.T) {
|
||||
in := "audio/mpg\n; rm -rf" // bidi override + newline
|
||||
got := sanitizeField(in)
|
||||
if strings.ContainsAny(got, "\n\r\t") || strings.ContainsRune(got, '') {
|
||||
t.Errorf("sanitizeField left control/bidi chars: %q", got)
|
||||
}
|
||||
}
|
||||
|
||||
// TestStageInputFilesSanitizesMime: a mime with a control char is cleaned in BOTH
|
||||
// the staged value and the descriptor.
|
||||
func TestStageInputFilesSanitizesMime(t *testing.T) {
|
||||
st := &stagerFunc{}
|
||||
ex := newStagerExecutor(st)
|
||||
out := ex.stageInputFiles(context.Background(), "r", "a",
|
||||
[]tool.InputFile{{Name: "c.wav", MimeType: "audio/wav\ninjected", Data: []byte("x")}}, "go")
|
||||
if len(st.staged) != 1 || strings.ContainsAny(st.staged[0].mime, "\n\r") {
|
||||
t.Errorf("mime not sanitized before staging: %+v", st.staged)
|
||||
}
|
||||
if strings.Contains(out, "\ninjected") {
|
||||
t.Errorf("descriptor carried an unsanitized mime newline:\n%s", out)
|
||||
}
|
||||
}
|
||||
|
||||
// TestStageInputFilesEmptyFileID: a stager returning an empty file_id drops the
|
||||
// file (no blank file_id in the descriptor).
|
||||
func TestStageInputFilesEmptyFileID(t *testing.T) {
|
||||
ex := newStagerExecutor(emptyIDStager{})
|
||||
out := ex.stageInputFiles(context.Background(), "r", "a",
|
||||
[]tool.InputFile{{Name: "x.bin", Data: []byte("z")}}, "p")
|
||||
if out != "p" {
|
||||
t.Errorf("empty file_id should drop the file, got %q", out)
|
||||
}
|
||||
}
|
||||
|
||||
type emptyIDStager struct{}
|
||||
|
||||
func (emptyIDStager) StageInputFile(context.Context, string, string, string, string, []byte) (string, error) {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
// TestHumanizeBytesNoPanic: an absurd size clamps to the last prefix instead of
|
||||
// indexing past "KMGTPE".
|
||||
func TestHumanizeBytesNoPanic(t *testing.T) {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
t.Fatalf("humanizeBytes panicked: %v", r)
|
||||
}
|
||||
}()
|
||||
for _, n := range []int{0, 512, 2048, 5_000_000, 1 << 62} {
|
||||
_ = humanizeBytes(n)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user