Merge "Prevent using symlinks to starlark files" into main am: 124101862b am: 5ddf4a3006

Original change: https://android-review.googlesource.com/c/platform/build/+/2824818 Change-Id: I2a51939771f153a16440bb78630b1ff16d279334 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-10 01:19:33 +00:00 · 2023-11-10 01:19:33 +00:00 · f027dee3fc
commit f027dee3fc
parent 01cd459cc9 5ddf4a3006
3 changed files with 37 additions and 0 deletions
--- a/tools/rbcrun/host.go
+++ b/tools/rbcrun/host.go
@ -63,6 +63,14 @@ var sclBuiltins starlark.StringDict = starlark.StringDict{
 	"json": starlarkjson.Module,
 }

+func isSymlink(filepath string) (bool, error) {
+	if info, err := os.Lstat(filepath); err == nil {
+		return info.Mode() & os.ModeSymlink != 0, nil
+	} else {
+		return false, err
+	}
+}
+
 // Takes a module name (the first argument to the load() function) and returns the path
 // it's trying to load, stripping out leading //, and handling leading :s.
 func cleanModuleName(moduleName string, callerDir string, allowExternalPaths bool) (string, error) {
@ -158,6 +166,13 @@ func loader(thread *starlark.Thread, module string) (starlark.StringDict, error)
 			if strings.HasSuffix(modulePath, ".scl") {
 				mode = ExecutionModeScl
 			}
+
+			if sym, err := isSymlink(modulePath); sym && err == nil {
+				return nil, fmt.Errorf("symlinks to starlark files are not allowed. Instead, load the target file and re-export its symbols: %s", modulePath)
+			} else if err != nil {
+				return nil, err
+			}
+
 			childThread := &starlark.Thread{Name: "exec " + module, Load: thread.Load}
 			// Cheating for the sake of testing:
 			// propagate starlarktest's Reporter key, otherwise testing
@ -368,6 +383,12 @@ func Run(filename string, src interface{}, mode ExecutionMode, allowExternalEntr
 		return nil, nil, err
 	}

+	if sym, err := isSymlink(filename); sym && err == nil {
+		return nil, nil, fmt.Errorf("symlinks to starlark files are not allowed. Instead, load the target file and re-export its symbols: %s", filename)
+	} else if err != nil {
+		return nil, nil, err
+	}
+
 	// Add top-level file to cache for cycle detection purposes
 	moduleCache[filename] = nil

--- a/tools/rbcrun/host_test.go
+++ b/tools/rbcrun/host_test.go
@ -186,6 +186,21 @@ func TestSclLoadsBzl(t *testing.T) {
 	}
 }

+func TestCantLoadSymlink(t *testing.T) {
+	moduleCache = make(map[string]*modentry)
+	dir := dataDir()
+	if err := os.Chdir(filepath.Dir(dir)); err != nil {
+		t.Fatal(err)
+	}
+	_, _, err := Run("testdata/test_scl_symlink.scl", nil, ExecutionModeScl, false)
+	if err == nil {
+		t.Fatal("Expected failure")
+	}
+	if !strings.Contains(err.Error(), "symlinks to starlark files are not allowed") {
+		t.Fatalf("Expected error to contain \"symlinks to starlark files are not allowed\": %q", err.Error())
+	}
+}
+
 func TestShell(t *testing.T) {
 	exerciseStarlarkTestFile(t, "testdata/shell.star")
 }
--- a/tools/rbcrun/testdata/test_scl_symlink.scl
+++ b/tools/rbcrun/testdata/test_scl_symlink.scl
@ -0,0 +1 @@
+test_scl.scl