fix: [security] Sanitise paths for several file interactions
- remove :// anywhere we don't expect a protocol to be supplied
- remove phar:// in certauth plugin's fetcher
- as reported by Dawid Czarnecki of Zigrin Security
pull/8063/merge
parent
0108f1bde2
commit
93821c0de6
@ -2588,6 +2588,7 @@ class AppModel extends Model
|
|||
App::uses('KafkaPubTool', 'Tools');
|
||||
$kafkaPubTool = new KafkaPubTool();
|
||||
$rdkafkaIni = Configure::read('Plugin.Kafka_rdkafka_config');
|
||||
$rdkafkaIni = mb_ereg_replace("/\:\/\//", '', $rdkafkaIni);
|
||||
$kafkaConf = array();
|
||||
if (!empty($rdkafkaIni)) {
|
||||
$kafkaConf = parse_ini_file($rdkafkaIni);
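Review bot: The pattern on the new `$rdkafkaIni = mb_ereg_replace("/\:\/\//", '', $rdkafkaIni);` line does not match `://`: unlike `preg_replace`, `mb_ereg_replace` takes a bare Oniguruma pattern with no delimiters, so the leading and trailing `/` are literal characters and the call only removes the exact five-character sequence `/:///`, leaving a plain `scheme://` prefix in the ini path untouched. A delimiter-free form such as `$rdkafkaIni = str_replace('://', '', $rdkafkaIni);` (or `preg_replace('#://#', '', $rdkafkaIni)`) does what the commit message describes. The same pattern is used on the `$path = mb_ereg_replace(...)` line in Feed::urlOrExistingFilepath and the `$uri = mb_ereg_replace(...)` line in Feed::feedGetUri, so all three calls need the same correction. Since none of these values should ever carry a scheme, refusing the input when `strpos($rdkafkaIni, '://') !== false` would fail closed and be easier to audit than silently rewriting it; the enclosing method body continues outside the hunk.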
@ -126,12 +126,13 @@ class Feed extends AppModel
|
|||
public function urlOrExistingFilepath($fields)
|
||||
{
|
||||
if ($this->isFeedLocal($this->data)) {
|
||||
$path = mb_ereg_replace("/\:\/\//", '', $this->data['Feed']['url']);
|
||||
if ($this->data['Feed']['source_format'] == 'misp') {
|
||||
if (!is_dir($this->data['Feed']['url'])) {
|
||||
if (!is_dir($path)) {
|
||||
return 'For MISP type local feeds, please specify the containing directory.';
|
||||
}
|
||||
} else {
|
||||
if (!file_exists($this->data['Feed']['url'])) {
|
||||
if (!file_exists($path)) {
|
||||
return 'Invalid path or file not found. Make sure that the path points to an existing file that is readable and watch out for typos.';
|
||||
}
|
||||
}
@ -1929,6 +1930,7 @@ class Feed extends AppModel
|
|||
private function feedGetUri($feed, $uri, HttpSocket $HttpSocket = null)
|
||||
{
|
||||
if ($this->isFeedLocal($feed)) {
|
||||
$uri = mb_ereg_replace("/\:\/\//", '', $uri);
|
||||
if (file_exists($uri)) {
|
||||
return FileAccessTool::readFromFile($uri);
|
||||
} else {
@ -259,6 +259,7 @@ class CertificateAuthenticate extends BaseAuthenticate
|
|||
}
|
||||
}
|
||||
$ctx = stream_context_create($req);
|
||||
$url = mb_ereg_replace("/phar\:\/\//i", '', $url);
|
||||
$a = file_get_contents($url, false, $ctx);
|
||||
if (!$a) return null;
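Review bot: The trailing `i` in `"/phar\:\/\//i"` on the new `$url = mb_ereg_replace(...)` line is a literal character rather than a case-insensitivity flag, because `mb_ereg_replace` takes an undelimited pattern and its options as a separate fourth argument; combined with the literal delimiters, the call only removes the exact text `/phar:///i`, so a `phar://` or `PHAR://` prefix reaches `file_get_contents($url, false, $ctx)` unchanged. `$url = str_ireplace('phar://', '', $url);` gives the intended behaviour in one line. Stripping a single wrapper name is also a deny-list; if this fetcher is only meant to talk to HTTP(S) endpoints (the origin of `$url` is not visible in the hunk), checking `parse_url($url, PHP_URL_SCHEME)` against an allow-list and returning `null` otherwise would fail closed. The enclosing method starts and ends outside the hunk.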
|
||||
|
||||
|
|