Posted to commits@couchdb.apache.org by jc...@apache.org on 2010/05/05 23:17:26 UTC

svn commit: r941495 - in /couchdb/branches/0.11.x: ./ etc/couchdb/default.ini.tpl.in etc/default/couchdb share/www/script/test/rewrite.js src/couchdb/couch_httpd_rewrite.erl

Author: jchris
Date: Wed May  5 21:17:25 2010
New Revision: 941495

URL: http://svn.apache.org/viewvc?rev=941495&view=rev
Log:
backport secure rewrites from r941451

Modified:
    couchdb/branches/0.11.x/   (props changed)
    couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in
    couchdb/branches/0.11.x/etc/default/couchdb   (props changed)
    couchdb/branches/0.11.x/share/www/script/test/rewrite.js
    couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl

Propchange: couchdb/branches/0.11.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May  5 21:17:25 2010
@@ -6,4 +6,4 @@
 /couchdb/branches/list-iterator:782292-784593
 /couchdb/branches/tail_header:775760-778477
 /couchdb/tags/0.10.0:825400
-/couchdb/trunk:909247,910054,910696,910910-910911,911544,911559,911578,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889
+/couchdb/trunk:909247,910054,910696,910910-910911,911544,911559,911578,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889,941451

Modified: couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in?rev=941495&r1=941494&r2=941495&view=diff
==============================================================================
--- couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in (original)
+++ couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in Wed May  5 21:17:25 2010
@@ -17,6 +17,7 @@ port = 5984
 bind_address = 127.0.0.1
 authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
 default_handler = {couch_httpd_db, handle_request}
+secure_rewrites = true
 
 [log]
 file = %localstatelogdir%/couch.log
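Review bot: The new `secure_rewrites = true` line carries no comment, so an operator reading default.ini cannot tell what it restricts or what setting it to false permits. Going by the couch_httpd_rewrite.erl change in this same commit, a comment directly above it such as `; when true, rewrite rules containing more than two ".." path segments are rejected` would make the effect visible where the option is set. Whether any other behaviour keys off this option is not visible in this diff.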

Propchange: couchdb/branches/0.11.x/etc/default/couchdb
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May  5 21:17:25 2010
@@ -6,5 +6,5 @@
 /couchdb/branches/list-iterator/etc/default/couchdb:782292-784593
 /couchdb/branches/tail_header/etc/default/couchdb:775760-778477
 /couchdb/tags/0.10.0/etc/default/couchdb:825400
-/couchdb/trunk/etc/default/couchdb:909247,910054,910696,911544,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889
+/couchdb/trunk/etc/default/couchdb:909247,910054,910696,911544,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889,941451
 /incubator/couchdb/trunk/etc/default/couchdb:642419-694440

Modified: couchdb/branches/0.11.x/share/www/script/test/rewrite.js
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/share/www/script/test/rewrite.js?rev=941495&r1=941494&r2=941495&view=diff
==============================================================================
--- couchdb/branches/0.11.x/share/www/script/test/rewrite.js (original)
+++ couchdb/branches/0.11.x/share/www/script/test/rewrite.js Wed May  5 21:17:25 2010
@@ -132,11 +132,12 @@ couchTests.rewrite = function(debug) {
               }
             },
             {
-              "from": "uuids",
-              "to": "../../../_uuids"
+              "from": "simpleForm/complexView5/:a/:b",
+              "to": "_list/simpleForm/complexView3",
+              "query": {
+                "key": [":a", ":b"]
+              }
             }
-            
-            
           ],
           lists: {
             simpleForm: stringFun(function(head, req) {
@@ -321,12 +322,29 @@ couchTests.rewrite = function(debug) {
         
         
         // test path relative to server
+        designDoc.rewrites.push({
+           "from": "uuids",
+           "to": "../../../_uuids"
+        });
+        T(db.save(designDoc).ok);
         
         var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids");
-        T(xhr.status == 200);
+        T(xhr.status == 500);
         var result = JSON.parse(xhr.responseText);
-        T(result.uuids.length == 1);
-        var first = result.uuids[0];
+        T(result.error == "insecure_rewrite_rule");
+
+        run_on_modified_server(
+          [{section: "httpd",
+            key: "secure_rewrites",
+            value: "false"}],
+            function() {
+              var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids?cache=bust");
+              T(xhr.status == 200);
+              var result = JSON.parse(xhr.responseText);
+              T(result.uuids.length == 1);
+              var first = result.uuids[0];
+        });
+
   });
   
 }
\ No newline at end of file
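Review bot: `var first = result.uuids[0];` inside the run_on_modified_server callback is assigned and never checked, so the line is dead; either follow it with the assertion the removed lines after the old `var first` presumably carried, or drop it. The callback also redeclares `xhr` and `result`, shadowing the outer variables of the same names; that is harmless under function scoping but reads as a copy-paste, so distinct names (`xhr2`, `result2`) would be clearer. The rejected rule is asserted as `T(xhr.status == 500)`, which presents a refused design-document rule as a server fault; how the thrown `insecure_rewrite_rule` is mapped to a status code is outside this diff, so this may be deliberate, but a 4xx would describe the condition better.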

Modified: couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl?rev=941495&r1=941494&r2=941495&view=diff
==============================================================================
--- couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl (original)
+++ couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl Wed May  5 21:17:25 2010
@@ -352,24 +352,34 @@ make_rule(Rule) ->
 
 parse_path(Path) ->
     {ok, SlashRE} = re:compile(<<"\\/">>),
-    path_to_list(re:split(Path, SlashRE), []).
+    path_to_list(re:split(Path, SlashRE), [], 0).
 
 %% @doc convert a path rule (from or to) to an erlang list
 %% * and path variable starting by ":" are converted
 %% in erlang atom.
-path_to_list([], Acc) ->
+path_to_list([], Acc, _DotDotCount) ->
     lists:reverse(Acc);
-path_to_list([<<>>|R], Acc) ->
-    path_to_list(R, Acc);
-path_to_list([<<"*">>|R], Acc) ->
-    path_to_list(R, [?MATCH_ALL|Acc]);
-path_to_list([P|R], Acc) ->
+path_to_list([<<>>|R], Acc, DotDotCount) ->
+    path_to_list(R, Acc, DotDotCount);
+path_to_list([<<"*">>|R], Acc, DotDotCount) ->
+    path_to_list(R, [?MATCH_ALL|Acc], DotDotCount);
+path_to_list([<<"..">>|R], Acc, DotDotCount) when DotDotCount == 2 ->
+    case couch_config:get("httpd", "secure_rewrites", "true") of
+    "false" ->
+        path_to_list(R, [<<"..">>|Acc], DotDotCount+1);
+    Else ->
+        ?LOG_INFO("insecure_rewrite_rule ~p blocked", [lists:reverse(Acc) ++ [<<"..">>] ++ R]),
+        throw({insecure_rewrite_rule, "too many ../.. segments"})
+    end;
+path_to_list([<<"..">>|R], Acc, DotDotCount) ->
+    path_to_list(R, [<<"..">>|Acc], DotDotCount+1);
+path_to_list([P|R], Acc, DotDotCount) ->
     P1 = case P of
         <<":", Var/binary>> ->
             list_to_atom(binary_to_list(Var));
         _ -> P
     end,
-    path_to_list(R, [P1|Acc]).
+    path_to_list(R, [P1|Acc], DotDotCount).
 
 encode_query(Props) ->
     Props1 = lists:foldl(fun ({K, V}, Acc) ->
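Review bot: `Else ->` in the `couch_config:get` case binds a variable that is never read, which the compiler reports as unused; write the branch as `_ ->`. The guard `when DotDotCount == 2` compares integers and is better written with the exact operator, `when DotDotCount =:= 2`, which also avoids a float slipping through the comparison unnoticed. The count is taken over the literal segments of the rule text at parse time, and the refusal is logged at info level only; confirm that the path assembled after `:var` substitution passes through the same guard, as that step is outside this hunk, and consider a higher log level for a rule that is refused outright. The unchanged `list_to_atom(binary_to_list(Var))` clause still creates one atom per distinct `:var` name taken from design documents; atoms are never reclaimed, so this is worth bounding in a separate change.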