Author: jchris Date: Wed May 5 21:17:25 2010 New Revision: 941495 URL: http://svn.apache.org/viewvc?rev=941495&view=rev Log: backport secure rewrites from r941451
Modified: couchdb/branches/0.11.x/ (props changed) couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in couchdb/branches/0.11.x/etc/default/couchdb (props changed) couchdb/branches/0.11.x/share/www/script/test/rewrite.js couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl Propchange: couchdb/branches/0.11.x/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 5 21:17:25 2010 @@ -6,4 +6,4 @@ /couchdb/branches/list-iterator:782292-784593 /couchdb/branches/tail_header:775760-778477 /couchdb/tags/0.10.0:825400 -/couchdb/trunk:909247,910054,910696,910910-910911,911544,911559,911578,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889 +/couchdb/trunk:909247,910054,910696,910910-910911,911544,911559,911578,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889,941451 Modified: couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in?rev=941495&r1=941494&r2=941495&view=diff ============================================================================== --- couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in (original) +++ couchdb/branches/0.11.x/etc/couchdb/default.ini.tpl.in Wed May 5 21:17:25 2010 
@@ -17,6 +17,7 @@ port = 5984 bind_address = 127.0.0.1 authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler} default_handler = {couch_httpd_db, handle_request} +secure_rewrites = true [log] file = %localstatelogdir%/couch.log Propchange: couchdb/branches/0.11.x/etc/default/couchdb ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Wed May 5 21:17:25 2010 @@ -6,5 +6,5 @@ /couchdb/branches/list-iterator/etc/default/couchdb:782292-784593 /couchdb/branches/tail_header/etc/default/couchdb:775760-778477 /couchdb/tags/0.10.0/etc/default/couchdb:825400 -/couchdb/trunk/etc/default/couchdb:909247,910054,910696,911544,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889 +/couchdb/trunk/etc/default/couchdb:909247,910054,910696,911544,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655,933039,936889,941451 /incubator/couchdb/trunk/etc/default/couchdb:642419-694440 Modified: couchdb/branches/0.11.x/share/www/script/test/rewrite.js URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/share/www/script/test/rewrite.js?rev=941495&r1=941494&r2=941495&view=diff ============================================================================== --- couchdb/branches/0.11.x/share/www/script/test/rewrite.js (original) +++ couchdb/branches/0.11.x/share/www/script/test/rewrite.js Wed May 5 21:17:25 2010 
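Review bot: The new `secure_rewrites = true` key is added with no comment, so an operator reading the template cannot tell what turning it off exposes. From the accompanying Erlang change the setting controls whether a rewrite rule containing more than two `..` segments is rejected, and the test suite treats the blocked `../../../_uuids` rule as a path that climbs to server level. A one-line note in the template would carry that, e.g. `; Reject rewrite rules containing more than two ".." segments (set to false only if rewrites must climb past the database).`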
@@ -132,11 +132,12 @@ couchTests.rewrite = function(debug) { } }, { - "from": "uuids", - "to": "../../../_uuids" + "from": "simpleForm/complexView5/:a/:b", + "to": "_list/simpleForm/complexView3", + "query": { + "key": [":a", ":b"] + } } - - ], lists: { simpleForm: stringFun(function(head, req) { @@ -321,12 +322,29 @@ couchTests.rewrite = function(debug) { // test path relative to server + designDoc.rewrites.push({ + "from": "uuids", + "to": "../../../_uuids" + }); + T(db.save(designDoc).ok); var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids"); - T(xhr.status == 200); + T(xhr.status == 500); var result = JSON.parse(xhr.responseText); - T(result.uuids.length == 1); - var first = result.uuids[0]; + T(result.error == "insecure_rewrite_rule"); + + run_on_modified_server( + [{section: "httpd", + key: "secure_rewrites", + value: "false"}], + function() { + var xhr = CouchDB.request("GET", "/test_suite_db/_design/test/_rewrite/uuids?cache=bust"); + T(xhr.status == 200); + var result = JSON.parse(xhr.responseText); + T(result.uuids.length == 1); + var first = result.uuids[0]; + }); + }); } \ No newline at end of file Modified: couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl?rev=941495&r1=941494&r2=941495&view=diff ============================================================================== --- couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl (original) +++ couchdb/branches/0.11.x/src/couchdb/couch_httpd_rewrite.erl Wed May 5 21:17:25 2010 
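Review bot: The new assertions in the second hunk cover only the rejected rule and the `secure_rewrites = false` override; nothing verifies that a rule with exactly two `..` segments, the most the Erlang change still admits, continues to resolve under the default setting, so a future tightening of the threshold would pass this suite unnoticed. A positive case alongside the blocked one would close that gap. Inside the `run_on_modified_server` callback `var first = result.uuids[0];` is assigned and never read; either drop it or assert on it, and the same dead assignment was removed from the outer scope in this very hunk.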
@@ -352,24 +352,34 @@ make_rule(Rule) -> parse_path(Path) -> {ok, SlashRE} = re:compile(<<"\\/">>), - path_to_list(re:split(Path, SlashRE), []). + path_to_list(re:split(Path, SlashRE), [], 0). %% @doc convert a path rule (from or to) to an erlang list %% * and path variable starting by ":" are converted %% in erlang atom. -path_to_list([], Acc) -> +path_to_list([], Acc, _DotDotCount) -> lists:reverse(Acc); -path_to_list([<<>>|R], Acc) -> - path_to_list(R, Acc); -path_to_list([<<"*">>|R], Acc) -> - path_to_list(R, [?MATCH_ALL|Acc]); -path_to_list([P|R], Acc) -> +path_to_list([<<>>|R], Acc, DotDotCount) -> + path_to_list(R, Acc, DotDotCount); +path_to_list([<<"*">>|R], Acc, DotDotCount) -> + path_to_list(R, [?MATCH_ALL|Acc], DotDotCount); +path_to_list([<<"..">>|R], Acc, DotDotCount) when DotDotCount == 2 -> + case couch_config:get("httpd", "secure_rewrites", "true") of + "false" -> + path_to_list(R, [<<"..">>|Acc], DotDotCount+1); + Else -> + ?LOG_INFO("insecure_rewrite_rule ~p blocked", [lists:reverse(Acc) ++ [<<"..">>] ++ R]), + throw({insecure_rewrite_rule, "too many ../.. segments"}) + end; +path_to_list([<<"..">>|R], Acc, DotDotCount) -> + path_to_list(R, [<<"..">>|Acc], DotDotCount+1); +path_to_list([P|R], Acc, DotDotCount) -> P1 = case P of <<":", Var/binary>> -> list_to_atom(binary_to_list(Var)); _ -> P end, - path_to_list(R, [P1|Acc]). + path_to_list(R, [P1|Acc], DotDotCount). encode_query(Props) -> Props1 = lists:foldl(fun ({K, V}, Acc) ->
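Review bot: The new `..` guard in `path_to_list/3` inspects only the literal segments of the rule text handed in by `parse_path/1`; `:Var` and `*` segments are turned into atoms / `?MATCH_ALL` here and substituted from the request later, outside this hunk, so a bound value that itself contains `..` would presumably not be counted by this check — worth confirming that the substituted path is normalised or re-validated before it is dispatched. `DotDotCount` is also cumulative rather than net: `a/../b/../c/..` carries three `..` and is rejected although its net depth is zero, which is the safe direction but deserves a sentence in the `%% @doc` block, which still describes the two-argument version. Extend that comment to say that the third argument counts `..` segments seen so far and that the third one raises `insecure_rewrite_rule` unless `httpd/secure_rewrites` is the string `"false"` (any other value, including a typo, stays secure). Prefer the exact comparison in the guard, `when DotDotCount =:= 2`, and note that `list_to_atom(binary_to_list(Var))` in the last clause still creates an atom per distinct variable name in rule text, acceptable only while design documents remain admin-authored.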