FIXME: directory traversal vulnerability in agent codepath

Function Load() could be used to overwrite any files with user-controlled input of plugin name. Must do path validation before further procedure of plugin downlaoding. Signed-off-by: shenping.matt <[email protected]>
bytedance · May 23, 2024 · 2ee3e4c · 2ee3e4c
1 parent 65b7478
commit 2ee3e4c
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/agent/plugin/plugin_linux.go b/agent/plugin/plugin_linux.go
@@ -66,6 +66,13 @@ func Load(ctx context.Context, config proto.Config) (plg *Plugin, err error) {
 	logger := zap.S().With("plugin", config.Name, "pver", config.Version, "psign", config.Signature)
 	logger.Info("plugin is loading...")
 	workingDirectory := path.Join(agent.WorkingDirectory, "plugin", config.Name)
+	patternDirectory := path.Join(agent.WorkingDirectory, "plugin", "*")
+	match, err := path.Match(patternDirectory, workingDirectory);
+        if match != true {
+		logger.Warn("invalid path & name for plugin: ", config.Name)
+		return
+	}
+
 	// for compatibility
 	os.Remove(path.Join(workingDirectory, config.Name+".stderr"))
 	os.Remove(path.Join(workingDirectory, config.Name+".stdout"))