Prevent installed packages using invalid entrypoint names to write outside of aliases directory (#343)

Author: zooba

src/manage/aliasutils.py

@@ -3,7 +3,7 @@
 from .exceptions import FilesInUseError, NoLauncherTemplateError
 from .fsutils import atomic_unlink, ensure_tree, unlink
 from .logging import LOGGER
-from .pathutils import Path, relative_to
+from .pathutils import Path, PurePath, relative_to
 from .tagutils import install_matches_any
 
 _EXE = ".exe".casefold()
@@ -97,6 +97,10 @@ def _create_alias(
     allow_link=True,
     _link=os.link):
     p = cmd.global_dir / name
+    # Raise exception if someone has tried to get us to write outside of the
+    # intended directory
+    if str(p.relative_to(cmd.global_dir)) != PurePath(name).name:
+        raise ValueError(f"Invalid alias name: {name}")
     if not p.match("*.exe"):
         p = p.with_name(p.name + ".exe")
     if not isinstance(target, Path):
@@ -235,6 +239,9 @@ def _parse_entrypoint_line(line):
     name, sep, rest = line.partition("=")
     name = name.strip()
     if name and name[0].isalnum() and sep and rest:
+        # "names" that have a parent directory/slash are invalid
+        if PurePath(name).parent:
+            return None, None, None
         mod, sep, rest = rest.partition(":")
         mod = mod.strip()
         if mod and sep and rest:
@@ -382,6 +389,14 @@ def create_aliases(cmd, aliases, *, allow_link=True, _create_alias=_create_alias
             else:
                 LOGGER.debug("Skipping %s alias because "
                              "the launcher template was not found.", alias.name)
+        except Exception:
+            if install_matches_any(alias.install, getattr(cmd, "tags", None)):
+                LOGGER.warn("Skipping %s alias because an unexpected error "
+                            "occurred.", alias.name)
+                LOGGER.debug("TRACEBACK", exc_info=True)
+            else:
+                LOGGER.debug("Skipping %s alias because an unexpected error "
+                             "occurred.", alias.name, exc_info=True)
 
 
 

tests/test_alias.py

@@ -117,6 +117,17 @@ def test_write_script_alias(alias_checker):
     alias_checker.check_script(alias_checker.Cmd(), "1.0-32", "testA", windowed=0)
 
 
+@pytest.mark.parametrize("name", [
+    "..\\evil_path",
+    "dir\\..\\evil_path",
+    "normal\\subdir",
+    "C:\\absolute\\evil_path",
+])
+def test_write_invalid_alias_name(alias_checker, name):
+    with pytest.raises(ValueError):
+        alias_checker.check(alias_checker.Cmd(), "1.0-32", name, None)
+
+
 def test_write_alias_launcher_missing(fake_config, assert_log, tmp_path):
     fake_config.launcher_exe = tmp_path / "non-existent.exe"
     fake_config.default_platform = '-32'
@@ -255,6 +266,8 @@ def test_parse_entrypoint_line():
         (" name = mod : func ", ("name", "mod", "func")),
         ("name=mod:func[extra]", ("name", "mod", "func")),
         ("name=mod:func [extra]", ("name", "mod", "func")),
+        ("../name=mod:func", (None, None, None)),
+        ("name/../../../name=mod:func", (None, None, None)),
     ]:
         assert expect == AU._parse_entrypoint_line(line)