Preventing path traversal by plugins? about sqlc HOT 10 CLOSED

@cbiffle and I were chatting about this before he filed the issue, and I was able to confirm they can (as he was writing it up!). I applied this diff to the Rust plugin demo:

--- a/src/main.rs
+++ b/src/main.rs
@@ -21,7 +21,7 @@ pub fn serialize_codegen_response(resp: &plugin::CodeGenResponse) -> Vec<u8> {

 pub fn create_codegen_response() -> plugin::CodeGenResponse {
     let mut file = plugin::File::default();
-    file.name = "hello.txt".to_string();
+    file.name = "../../../../../../../../../tmp/escaped.txt".to_string();
     file.contents = "Hello World".as_bytes().to_vec();

     let mut resp = plugin::CodeGenResponse::default();

and after running it:

% cat /tmp/escaped.txt
Hello World

from sqlc.

nod Something like "plugins can send commands to sqlc to have files created in the output directory, but can't directly access the filesystem"

from sqlc.

Excellent question! As the documentation states, WASM plugins do not have any filesystem access. The output of a plugin is specified in the out parameter. I need to investigate if plugin output can escape that directory using "..".

from sqlc.

WASM plugins do not have any filesystem access

It appears that they don't have filesystem access in the WASI sense, but that's a narrower statement. FWIW I also can't work out how to read the filesystem from a plugin, only write it, so, that's good.

from sqlc.

@jgallagher that looks conclusive to me. I'll get a PR up to fix the behavior. This could be a breaking change, so I'll need to decide if it can write to locations next to and under sqlc.json or the specified out directory.

Are you using sqlc at Oxide?

from sqlc.

Assuming this gets fixed, I might suggest rephrasing that statement to "plugins can only write files into their output directory," since "no access to the filesystem" suggests to me that they couldn't, say, deposit malware to it or fill it up -- and to be useful plugins the writing part is important!

Are you using sqlc at Oxide?

Not currently, but John and I both think it's a really neat idea.

from sqlc.

Yeah, it's a bit confusing to say that the plugins can write files, as they can't due to the sandbox. sqlc takes the output from the plugin and uses that to write the output files. I'm sure we can figure out some language that makes it clear what's happening.

from sqlc.

This doesn't include the necessary tests yet, but I believe #3195 should fix the issue.

from sqlc.

Alright, this should be fixed on main. Can you build sqlc from main and confirm your plugin now generates an error?

from sqlc.

Confirmed:

% sqlc-dev generate
# package sqlc-gen-rust
error generating code: invalid file output path: /tmp/escaped.txt

Thanks!

from sqlc.