Item13358: Extension installer fails with multiple Taint errors installing / removing extensions

If Taint::Runtime is installed and ASSERTS are enabled, the extension installer crashes in multiple places

• Unable to log
• Unable to create a backup
• Unable to move / copy files
• Unable to chmod the files after copy.

It appears that the Foswiki::cfg variables are all tainted. Untainted in multiple locations, and keep running into further taint issues.

-- GeorgeClark - 07 Apr 2015

Even with the following changes, I can't get it to work.

diff --git a/core/lib/Foswiki/Configure/Package.pm b/core/lib/Foswiki/Configure/Package.pm
index 54fb00b..f0ffb34 100644
--- a/core/lib/Foswiki/Configure/Package.pm
+++ b/core/lib/Foswiki/Configure/Package.pm
@@ -215,6 +215,7 @@ sub option {
           . $timestamp . '-'
           . $action . '.log';
         Foswiki::Configure::Load::expandValue( $this->{_logfile} );
+        ($this->{_logfile}) = $this->{_logfile} =~ m/^(.*)$/;
         return $this;
     }
 
@@ -497,6 +498,7 @@ HERE
         return 1
           unless $node->{keys}
           && exists $node->{default};
+        print STDERR Data::Dumper::Dumper( \$node->{default} );
         my $val = $node->decodeValue( eval( $node->{default} ) );
         if ( $this->{simulated} ) {
             $this->{reporter}->NOTE( "\t* $node->{keys} = "
@@ -1010,6 +1012,9 @@ sub _moveFile {
         $force     # Force copy even if simulate - used for the .tgz archive
     ) = @_;
 
+    ($from) = $from =~ m/^(.*)$/; # Untaint - trusted locations
+    ($to)   = $to =~ m/^(.*)$/; # Untaint - trusted locations
+
     my @path = split( /[\/\\]+/, $to, -1 );    # -1 allows directories
     pop(@path);
     if ( !$this->option('SIMULATE') || $force ) {
@@ -1049,6 +1054,8 @@ sub _createBackup {
     my ( $this, $reporter ) = @_;
     my $root = $this->{_root};
     $root =~ s#\\#/#g;    # Convert windows style slashes
+    use Taint::Runtime qw($TAINT);
+    local $TAINT = 0;
 
     require Foswiki::Time;
     my $stamp =
@@ -1056,7 +1063,9 @@ sub _createBackup {
         'servertime' );
 
     my $bkdir  = "$Foswiki::cfg{WorkingDir}/configure/backup";
+    ($bkdir) = $bkdir =~ m/^(.*)$/;  # Trusted location.
     my $bkname = "$this->{_pkgname}-backup-$stamp";
+    ($bkname) = $bkname =~ m/^(.*)$/;  # Trusted location.
     my $pkgstore .= "$bkdir/$bkname";
     my $ok = 1;
 
@@ -1083,20 +1092,24 @@ sub _createBackup {
             next
               unless $tofile
               ;   # Unit tests use a tmp working directory which fails the match
+            ($tofile) = $tofile =~ m/^(.*)$/;
             my @path = split( /[\/\\]+/, "$pkgstore/$tofile", -1 )
               ;    # -1 allows directories
             pop(@path);
             if ( scalar(@path) ) {
-                File::Path::mkpath( join( '/', @path ) )
+                my $tmppath = join( '/', @path);
+                ($tmppath) = $tmppath =~ m/^(.*)$/;
+                File::Path::mkpath( $tmppath )
                   unless ( $this->option('SIMULATE') );
                 my $mode = $fstat->mode;
 
                 #( stat($file) )[2];    # File::Copy doesn't copy permissions
-                File::Copy::copy( $file, "$pkgstore/$tofile" )
+                my $tfile = "$pkgstore/$tofile" =~ m/^(.*)$/;
+                File::Copy::copy( $file, $tfile )
                   unless ( $this->option('SIMULATE') );
                 $mode =~ m/(.*)/;
                 $mode = $1;    #yes, we must untaint
-                chmod( $mode, "$pkgstore/$tofile" )
+                chmod( $mode, $tfile  )
                   unless ( $this->option('SIMULATE') );
             }
         }
@@ -1260,6 +1273,7 @@ sub uninstall {
 
     my $pkgdata =
       "$Foswiki::cfg{WorkingDir}/configure/pkgdata/$this->{_pkgname}_installer";
+    ($pkgdata) = $pkgdata =~ m/^(.*)$/;     # Trusted information.
     unless ( $this->option('SIMULATE') ) {
         push( @removed, $pkgdata );
         unlink $pkgdata;

-- GeorgeClark - 07 Apr 2015

Commenting is disabled while not logged in