Merge pull request #194 from hexinw-nvidia/security_scan

fix: security risk in file symlink resolution.

Author: hexinw-nvidia

.github/workflows/unit_test.yml

@@ -12,36 +12,18 @@ jobs:
   build_wheels:
     runs-on: ubuntu-24.04
     container:
-      image: 'nvidia/cuda:11.8.0-cudnn8-devel-ubuntu20.04'
+      image: 'ghcr.io/nvidia/nvidia-resiliency-ext/builder_amd64:cuda-12.4.1-cudnn-devel-ubuntu20.04'
     steps:
-      - name: Update GCC
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt update && apt install -y build-essential gcc-10 g++-10
-      - name: Install Python versions and pips
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt update && apt install -y software-properties-common curl
-          add-apt-repository ppa:deadsnakes/ppa
-          apt-get install -y python3.10 python3.10-dev
-          apt-get install -y python3.11 python3.11-dev
-          apt-get install -y python3.12 python3.12-dev
-          curl -sS https://bootstrap.pypa.io/get-pip.py | python3.10
-          curl -sS https://bootstrap.pypa.io/get-pip.py | python3.11
-          curl -sS https://bootstrap.pypa.io/get-pip.py | python3.12
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Build wheel with Python 3.10
         run: |
-          python3.10 -m pip install -U setuptools poetry build six pybind11
           python3.10 -m poetry build -f wheel
       - name: Build wheel with Python 3.11
         run: |
-          python3.11 -m pip install -U setuptools poetry build six pybind11
           python3.11 -m poetry build -f wheel
       - name: Build wheel with Python 3.12
         run: |
-          python3.12 -m pip install -U setuptools poetry build six pybind11
           python3.12 -m poetry build -f wheel
       - name: Upload the wheel artifact
         uses: actions/upload-artifact@v4

src/nvidia_resiliency_ext/shared_utils/log_aggregator.py

@@ -70,6 +70,7 @@
 
 from nvidia_resiliency_ext.shared_utils.log_manager import LogConfig
 from nvidia_resiliency_ext.shared_utils.log_node_local_tmp import NodeLogAggregator
+from nvidia_resiliency_ext.shared_utils.os_utils import validate_directory
 
 
 def main():
@@ -104,6 +105,9 @@ def main():
     if node_local_tmp_dir is None:
         raise RuntimeError("Distributed Log directory must be set for log aggregator service")
 
+    # Validate directory security before proceeding
+    list(map(validate_directory, [log_dir, node_local_tmp_dir]))
+
     print("Starting NVRx Log Aggregator Service")
     print(f"  Log Path: {os.path.join(log_dir, log_file)}")
     print(f"  Node Local Temp directory: {node_local_tmp_dir}")

src/nvidia_resiliency_ext/shared_utils/log_manager.py

@@ -99,6 +99,7 @@
     DynamicLogFormatter,
     NodeLocalTmpLogHandler,
 )
+from nvidia_resiliency_ext.shared_utils.os_utils import validate_directory
 
 
 class LogConfig:
@@ -242,6 +243,7 @@ def _setup_logger(self) -> logging.Logger:
 
         if self.node_local_tmp_logging_enabled:
             os.makedirs(self._node_local_tmp_dir, exist_ok=True)
+            validate_directory(self._node_local_tmp_dir)
             handler = NodeLocalTmpLogHandler(
                 self.workload_local_rank,
                 self._node_local_tmp_dir,

src/nvidia_resiliency_ext/shared_utils/log_node_local_tmp.py

@@ -25,6 +25,8 @@
 from datetime import datetime
 from typing import Dict, List, Optional
 
+from nvidia_resiliency_ext.shared_utils.os_utils import validate_filepath
+
 
 class NodeLocalTmpLogHandler(logging.Handler):
     """Custom log handler that logs messages to temporary files on local node storage."""
@@ -103,7 +105,8 @@ def _write_message(self, message: str):
                     sys.stderr.write(f"File rotation error for {self.fname}: {e}\n")
                     sys.stderr.flush()
 
-            # Append message to the rank's message file
+            # Validate file path before opening
+            validate_filepath(self.fname)
             with open(self.fname, 'a') as f:
                 f.write(f"{message}\n")
                 f.flush()  # Ensure message is written immediately
@@ -301,6 +304,7 @@ def _aggregator_loop(self):
         """Main loop for the log aggregator."""
         # Setup per-node log file
         log_file = os.path.join(self._log_dir, self._log_file)
+        validate_filepath(log_file)
         output = open(log_file, 'a', buffering=1)  # Line buffered
         try:
             self._process_messages(output)

src/nvidia_resiliency_ext/shared_utils/os_utils.py

@@ -0,0 +1,94 @@
+# SPDX-FileCopyrightText: NVIDIA CORPORATION & AFFILIATES
+# Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+OS utilities for safe file operations.
+
+This module provides os utilities to prevent symlink attacks and ensure
+safe file operations.
+"""
+
+import os
+import stat
+
+
+def validate_directory(dir_path: str) -> None:
+    """
+    Validate that a directory is safe for file operations.
+
+    This function performs comprehensive security checks to ensure the directory
+    is safe from symlink attacks and has appropriate permissions.
+
+    Args:
+        dir_path: Path to the directory to validate
+
+    Raises:
+        OSError: If the directory is unsafe or inaccessible
+    """
+    if not os.path.exists(dir_path):
+        return
+
+    # Check if it's actually a directory
+    if not os.path.isdir(dir_path):
+        raise OSError(f"Path is not a directory: {dir_path}")
+
+    # Check if it's a symlink
+    if os.path.islink(dir_path):
+        raise OSError(f"Directory is a symlink: {dir_path}")
+
+    # Get directory stats
+    try:
+        dir_stat = os.stat(dir_path)
+    except OSError as e:
+        raise OSError(f"Cannot access directory {dir_path}: {e}")
+
+    # Check if it's a regular directory (not a special file)
+    if not stat.S_ISDIR(dir_stat.st_mode):
+        raise OSError(f"Path is not a regular directory: {dir_path}")
+
+    # Check permissions - directory should not be world-writable unless sticky bit is set
+    mode = dir_stat.st_mode
+    if stat.S_IWOTH & mode:  # World writable
+        if not (stat.S_ISVTX & mode):  # No sticky bit
+            raise OSError(f"Directory is world-writable without sticky bit: {dir_path}")
+
+
+def validate_filepath(file_path: str) -> None:
+    """
+    Validate that a file path is safe for file operations.
+
+    This function checks that the file (if it exists) is not a symlink and is a regular file.
+
+    Args:
+        file_path: Path to the file to validate
+
+    Raises:
+        OSError: If the file is unsafe or inaccessible
+    """
+    if os.path.exists(file_path):
+        validate_directory(os.path.dirname(file_path))
+        # Check if it's a symlink - this must be done every time
+        if os.path.islink(file_path):
+            raise OSError(f"File is a symlink: {file_path}")
+
+        # Validate it's a regular file
+        try:
+            file_stat = os.stat(file_path)  # Follow symlinks for stat
+            if not stat.S_ISREG(file_stat.st_mode):
+                raise OSError(f"Path is not a regular file: {file_path}")
+        except OSError as e:
+            raise OSError(f"Cannot access file {file_path}: {e}")
+    # If file doesn't exist, that's fine - it will be created