Posted to commits@couchdb.apache.org by jc...@apache.org on 2010/05/05 23:17:26 UTC
svn commit: r941495 - in /couchdb/branches/0.11.x: ./
etc/couchdb/default.ini.tpl.in etc/default/couchdb
share/www/script/test/rewrite.js src/couchdb/couch_httpd_rewrite.erl
Author: jchris
Date: Wed May 5 21:17:25 2010
New Revision: 941495
URL: http://svn.apache.org/viewvc?rev=941495&view=rev
Log:
backport secure rewrites from r941451
Modified:
couchdb/branches/0.11.x/ (props changed)
couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in
couchdb/branches/0.11.x/etc/default/couchdb (props changed)
couchdb/branches/0.11.x/share/www/script/test/rewrite.js
couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl
Propchange: couchdb/branches/0.11.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 5 21:17:25 2010
@@ -6,4 +6,4 @@
/couchdb/branches/list-iterator:782292-784593
/couchdb/branches/tail_header:775760-778477
/couchdb/tags/0.10.0:825400
-/couchdb/trunk:909247,910054,910696,910910-910911,911544,911559,911578,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889
+/couchdb/trunk:909247,910054,910696,910910-910911,911544,911559,911578,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889,941451
Modified: couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in?rev=941495&r1=941494&r2=941495&view=diff
==============================================================================
--- couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in (original)
+++ couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in Wed May 5 21:17:25 2010
@@ -17,6 +17,7 @@ port = 5984
bind_address = 127.0.0.1
authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
default_handler = {couch_httpd_db, handle_request}
+secure_rewrites = true
[log]
file = %localstatelogdir%/couch.log
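Review bot: The added `secure_rewrites = true` line carries no comment, so an operator reading the file cannot tell what turning it off permits. Going by the Erlang hunk in this commit, the setting controls whether a rewrite rule path may contain more than two `..` segments, and any value other than `false` keeps the check on. A line above it such as `; set to false to allow rewrite rules with more than two ".." path segments` would document that.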
Propchange: couchdb/branches/0.11.x/etc/default/couchdb
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 5 21:17:25 2010
@@ -6,5 +6,5 @@
/couchdb/branches/list-iterator/etc/default/couchdb:782292-784593
/couchdb/branches/tail_header/etc/default/couchdb:775760-778477
/couchdb/tags/0.10.0/etc/default/couchdb:825400
-/couchdb/trunk/etc/default/couchdb:909247,910054,910696,911544,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889
+/couchdb/trunk/etc/default/couchdb:909247,910054,910696,911544,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889,941451
/incubator/couchdb/trunk/etc/default/couchdb:642419-694440
Modified: couchdb/branches/0.11.x/share/www/script/test/rewrite.js
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/share/www/script/test/rewrite.js?rev=941495&r1=941494&r2=941495&view=diff
==============================================================================
--- couchdb/branches/0.11.x/share/www/script/test/rewrite.js (original)
+++ couchdb/branches/0.11.x/share/www/script/test/rewrite.js Wed May 5 21:17:25 2010
@@ -132,11 +132,12 @@ couchTests.rewrite = function(debug) {
}
},
{
- "from": "uuids",
- "to": "../../../_uuids"
+ "from": "simpleForm/complexView5/:a/:b",
+ "to": "_list/simpleForm/complexView3",
+ "query": {
+ "key": [":a", ":b"]
+ }
}
-
-
],
lists: {
simpleForm: stringFun(function(head, req) {
@@ -321,12 +322,29 @@ couchTests.rewrite = function(debug) {
// test path relative to server
+ designDoc.rewrites.push({
+ "from": "uuids",
+ "to": "../../../_uuids"
+ });
+ T(db.save(designDoc).ok);
var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids");
- T(xhr.status == 200);
+ T(xhr.status == 500);
var result = JSON.parse(xhr.responseText);
- T(result.uuids.length == 1);
- var first = result.uuids[0];
+ T(result.error == "insecure_rewrite_rule");
+
+ run_on_modified_server(
+ [{section: "httpd",
+ key: "secure_rewrites",
+ value: "false"}],
+ function() {
+ var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids?cache=bust");
+ T(xhr.status == 200);
+ var result = JSON.parse(xhr.responseText);
+ T(result.uuids.length == 1);
+ var first = result.uuids[0];
+ });
+
});
}
\ No newline at end of file
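Review bot: The secure-mode assertions exercise only the rule with three `..` segments, so the boundary is untested: nothing checks that a rule whose `to` has exactly two `..` segments still resolves with `secure_rewrites` at its default. One extra rule of that shape with `T(xhr.status == 200)` would pin the limit. The test also fixes the rejection at `T(xhr.status == 500)`, which makes a blocked rule look like a server fault to status-based monitoring; it is worth confirming that a 4xx is not the intended response. Inside the `run_on_modified_server` callback, `var first = result.uuids[0];` is assigned and never read and can be dropped.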
Modified: couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl?rev=941495&r1=941494&r2=941495&view=diff
==============================================================================
--- couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl (original)
+++ couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl Wed May 5 21:17:25 2010
@@ -352,24 +352,34 @@ make_rule(Rule) ->
parse_path(Path) ->
{ok, SlashRE} = re:compile(<<"\\/">>),
- path_to_list(re:split(Path, SlashRE), []).
+ path_to_list(re:split(Path, SlashRE), [], 0).
%% @doc convert a path rule (from or to) to an erlang list
%% * and path variable starting by ":" are converted
%% in erlang atom.
-path_to_list([], Acc) ->
+path_to_list([], Acc, _DotDotCount) ->
lists:reverse(Acc);
-path_to_list([<<>>|R], Acc) ->
- path_to_list(R, Acc);
-path_to_list([<<"*">>|R], Acc) ->
- path_to_list(R, [?MATCH_ALL|Acc]);
-path_to_list([P|R], Acc) ->
+path_to_list([<<>>|R], Acc, DotDotCount) ->
+ path_to_list(R, Acc, DotDotCount);
+path_to_list([<<"*">>|R], Acc, DotDotCount) ->
+ path_to_list(R, [?MATCH_ALL|Acc], DotDotCount);
+path_to_list([<<"..">>|R], Acc, DotDotCount) when DotDotCount == 2 ->
+ case couch_config:get("httpd", "secure_rewrites", "true") of
+ "false" ->
+ path_to_list(R, [<<"..">>|Acc], DotDotCount+1);
+ Else ->
+ ?LOG_INFO("insecure_rewrite_rule ~p blocked", [lists:reverse(Acc) ++ [<<"..">>] ++ R]),
+ throw({insecure_rewrite_rule, "too many ../.. segments"})
+ end;
+path_to_list([<<"..">>|R], Acc, DotDotCount) ->
+ path_to_list(R, [<<"..">>|Acc], DotDotCount+1);
+path_to_list([P|R], Acc, DotDotCount) ->
P1 = case P of
<<":", Var/binary>> ->
list_to_atom(binary_to_list(Var));
_ -> P
end,
- path_to_list(R, [P1|Acc]).
+ path_to_list(R, [P1|Acc], DotDotCount).
encode_query(Props) ->
Props1 = lists:foldl(fun ({K, V}, Acc) ->
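Review bot: The guard `when DotDotCount == 2` counts every `..` segment in the rule rather than the net depth, so a rule like `a/../b/../c/..` that never climbs above its starting point is rejected as insecure. The check also sees only the literal segments of the rule text; whether a `:var` or `*` binding can later put a `..` into the target is not visible in this hunk and should be confirmed where bindings are substituted. In the same clause `Else ->` binds a variable that is never used and will draw a compiler warning; `_Else ->` avoids it. The `@doc` comment above `path_to_list` should also describe the new argument, for example `%% DotDotCount is the number of ".." segments seen so far; a third is rejected unless httpd/secure_rewrites is "false".`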