Ensure we never leave the config directory when parsing config files and databases

Author: pierres

internal/pacman/packages.go

@@ -3,13 +3,12 @@ package pacman
 import (
 	"fmt"
 	"os"
-	"path/filepath"
 )
 
 func (p *Pacman) GetInstalledPackages() ([]string, error) {
 	const verParts = 2
 
-	db, err := os.Open(filepath.Join(p.config.dbPath, "local"))
+	db, err := os.OpenInRoot(p.config.dbPath, "local")
 	if err != nil {
 		return nil, fmt.Errorf("failed to open pacman DB: %w", err)
 	}

internal/pacman/parser.go

@@ -25,24 +25,39 @@ type Pacman struct {
 }
 
 type parser struct {
+	baseDir          *os.Root
 	includeFileCache map[string][]string
 }
 
 func Parse(pacmanConfPath string) (*Pacman, error) {
-	conf, err := newParser().parseConfigFile(pacmanConfPath, defaultDBPath)
+	baseDir, err := os.OpenRoot(filepath.Dir(pacmanConfPath))
+	if err != nil {
+		return nil, err
+	}
+
+	conf, err := newParser(baseDir).parseConfigFile(pacmanConfPath, defaultDBPath)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Pacman{config: conf}, nil
 }
 
-func newParser() *parser {
+func newParser(baseDir *os.Root) *parser {
 	return &parser{
+		baseDir:          baseDir,
 		includeFileCache: make(map[string][]string),
 	}
 }
 
+func (parser *parser) openFile(name string) (*os.File, error) {
+	fileName, ok := strings.CutPrefix(name, parser.baseDir.Name()+"/")
+	if !ok {
+		return nil, fmt.Errorf("filename %s is not relative to %s", name, parser.baseDir.Name())
+	}
+	return parser.baseDir.Open(fileName)
+}
+
 func (parser *parser) parseConfigFile(configPath string, defaultDBPath string) (*config, error) {
 	lines, err := parser.readConfigFile(configPath, 0)
 	if err != nil {
@@ -69,7 +84,7 @@ func (parser *parser) readConfigFile(fileName string, depth int) ([]string, erro
 	if depth >= configMaxRecursion {
 		return nil, fmt.Errorf("reached maximum Include depth of %d", depth)
 	}
-	readFile, err := os.Open(fileName)
+	readFile, err := parser.openFile(fileName)
 	if err != nil {
 		return nil, err
 	}

tests/unit/internal/pacman/pacman_test.go

@@ -95,9 +95,10 @@ func TestGetServer(t *testing.T) {
 }
 
 func TestPacmanConfIncludes(t *testing.T) {
-	pacmanConfFile := filepath.Join(t.TempDir(), "pacman.conf")
-	pacmanConfFileInclude1 := filepath.Join(t.TempDir(), "pacman-include1.conf")
-	pacmanConfFileInclude2 := filepath.Join(t.TempDir(), "pacman-include2.conf")
+	tempDir := t.TempDir()
+	pacmanConfFile := filepath.Join(tempDir, "pacman.conf")
+	pacmanConfFileInclude1 := filepath.Join(tempDir, "pacman-include1.conf")
+	pacmanConfFileInclude2 := filepath.Join(tempDir, "pacman-include2.conf")
 
 	if err := os.WriteFile(pacmanConfFile, fmt.Appendf(nil, "[core]\nInclude=%s\n", pacmanConfFileInclude1), 0o600); err != nil {
 		t.Fatalf("Failed to create pacman.conf: %v", err)
@@ -123,12 +124,13 @@ func TestPacmanConfIncludes(t *testing.T) {
 }
 
 func TestPacmanConfIncludesGlob(t *testing.T) {
-	pacmanConfFile := filepath.Join(t.TempDir(), "pacman.conf")
-	d := t.TempDir()
-	pacmanConfFileInclude1 := filepath.Join(d, "pacman-include1.conf")
-	pacmanConfFileInclude2 := filepath.Join(d, "pacman-include2.conf")
+	tempDir := t.TempDir()
+
+	pacmanConfFile := filepath.Join(tempDir, "pacman.conf")
+	pacmanConfFileInclude1 := filepath.Join(tempDir, "pacman-include1.conf")
+	pacmanConfFileInclude2 := filepath.Join(tempDir, "pacman-include2.conf")
 
-	if err := os.WriteFile(pacmanConfFile, fmt.Appendf(nil, "[core]\nInclude=%s/pacman-*.conf\n", d), 0o600); err != nil {
+	if err := os.WriteFile(pacmanConfFile, fmt.Appendf(nil, "[core]\nInclude=%s/pacman-*.conf\n", tempDir), 0o600); err != nil {
 		t.Fatalf("Failed to create pacman.conf: %v", err)
 	}
 	if err := os.WriteFile(pacmanConfFileInclude1, []byte(""), 0o600); err != nil {