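--- a/<SCRIPT-PATH-NOT-SHOWN>
+++ b/<SCRIPT-PATH-NOT-SHOWN>
@@ -27,7 +27,19 @@
 IFS=" ${IFS} " $' \r '
 words=($( cut -b 1-1024 " $VERSION_FILE " | sed -n ' s/^[[:space:]]*\([^[:space:]#][^[:space:]]*\).*/\1/p' ) )
 
-versions=(" ${words[@]} " )
+# Filter out potentially malicious version strings to prevent path traversal (CVE-2022-35861)
+versions=()
+for word in " ${words[@]} " ; do
+if [[ -z " $word " || " $word " == \# * ]]; then
+# Skip empty lines and comments
+continue
+elif [[ " $word " == " .." ]] || [[ " $word " == * /* ]]; then
+# The version string is used to construct a path and we skip dubious values.
+# This prevents issues such as path traversal (CVE-2022-35861).
+continue
+fi
+versions=(" ${versions[@]} " " $word " )
+done
 fi
 
 if [ ! -n " $versions " ]; then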
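Review bot: A bare `.` still passes the new filter on the `elif` line, since only `..` and values containing `/` are rejected; such an entry would resolve to the versions directory itself rather than to a version inside it, so I would extend the check to `elif [[ "$word" == "." || "$word" == ".." || "$word" == */* ]]; then`. The `-z`/`\#*` branch looks redundant with the sed extraction on the line above, which already drops blank lines and `#`-prefixed tokens, though it is harmless to keep. The append `versions=("${versions[@]}" "$word")` is better written `versions+=("$word")`; that form also survives `set -u` on bash before 4.4, where expanding an empty array is an error (whether this script enables `-u` is not visible here). The `fi` at the end of the hunk closes an `if` that begins outside it.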
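--- a/<TEST-FILE-PATH-NOT-SHOWN>
+++ b/<TEST-FILE-PATH-NOT-SHOWN>
@@ -109,3 +109,16 @@
 run goenv-version-file-read my-version
 assert_success " 1.11.1"
 }
+
+@test " skips relative path traversal" {
+cat > my-version << IN
+1.11.1
+1.10.8
+..
+./*
+1.9.7
+IN
+
+run goenv-version-file-read my-version
+assert_success " 1.11.1:1.10.8:1.9.7"
+}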
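Review bot: The new test exercises `..` and `./*` but not an absolute path (for example a constructed `/tmp` line) or a bare `.`, so the fixture covers only two of the shapes the reader is meant to reject; an absolute-path line can be added to the heredoc at no cost, since the expected output stays `1.11.1:1.10.8:1.9.7`. A bare `.` entry would currently be kept by the reader, which rejects only `..` and values containing `/`, so a test for it would need the filter extended as well. A short comment above the heredoc noting that rejected entries are dropped silently rather than failing the command would make the `assert_success` expectation clearer to the next reader.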