checkURI(): Check file URIs against allowedPaths
This makes e.g. 'fetchGit ./.' work (assuming that ./. is an allowed path).
This commit is contained in:
parent
f539085e65
commit
f24e726ba5
1 changed files with 12 additions and 0 deletions
|
@ -378,6 +378,18 @@ void EvalState::checkURI(const std::string & uri)
|
||||||
&& (prefix[prefix.size() - 1] == '/' || uri[prefix.size()] == '/')))
|
&& (prefix[prefix.size() - 1] == '/' || uri[prefix.size()] == '/')))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
/* If the URI is a path, then check it against allowedPaths as
|
||||||
|
well. */
|
||||||
|
if (hasPrefix(uri, "/")) {
|
||||||
|
checkSourcePath(uri);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (hasPrefix(uri, "file://")) {
|
||||||
|
checkSourcePath(std::string(uri, 7));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
throw RestrictedPathError("access to URI '%s' is forbidden in restricted mode", uri);
|
throw RestrictedPathError("access to URI '%s' is forbidden in restricted mode", uri);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue