diff options
| author | toastal | 2026-04-15 01:43:05 +0000 |
|---|---|---|
| committer | ยท๐๐ด๐๐๐ฉ๐ค | 2026-04-15 01:43:05 +0000 |
| commit | 9b65a20925349dbdc5919041d81cbd12ad8facf1 (patch) | |
| tree | 81d98cf0191e890b2af523d69a2d2849b71157de | |
| parent | 2de700733370b22797ff71667f68c119951c3194 (diff) | |
| download | nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.gz nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.bz2 nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.lz nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.xz nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.tar.zst nixtaml-9b65a20925349dbdc5919041d81cbd12ad8facf1.zip | |
Phase 1: Fix security vulnerabilities and error handling
- Fix command injection in editor.ml using Filename.quote
- Change KDL.of_flow to return Result instead of failwith
- Update manifest.ml to handle new Result type
Security: Prevents shell injection when opening files with
malicious filenames containing shell metacharacters.
Error handling: KDL parsing errors now return Result type
instead of crashing with failwith.
| -rw-r--r-- | lib/editor.ml | 2 | ||||
| -rw-r--r-- | lib/kDL.ml | 5 | ||||
| -rw-r--r-- | lib/manifest.ml | 3 |
3 files changed, 6 insertions, 4 deletions
diff --git a/lib/editor.ml b/lib/editor.ml index 49706b4..a68c6b0 100644 --- a/lib/editor.ml +++ b/lib/editor.ml @@ -13,6 +13,6 @@ let find () = let run_on file = match find () with | ed when String.contains ed ' ' -> - Unix.execvp "/bin/sh" [|"/bin/sh"; "-c"; ed ^ " " ^ file|] + Unix.execvp "/bin/sh" [|"/bin/sh"; "-c"; ed ^ " " ^ Filename.quote file|] | ed -> Unix.execvp ed [|ed; file|] @@ -11,8 +11,9 @@ let of_flow flow = (fun buf -> Eio.Buf_read.take_all buf |> Kdl.of_string) ~max_size: max_int flow + |> Result.ok with - | exn -> failwith (Printexc.to_string exn) + | Kdl.Parse_error (msg, _) -> Error (`ParseError msg) let to_flow flow doc = Eio.Buf_write.with_flow flow @@ fun buf -> @@ -40,7 +41,7 @@ module L = KDL_lens_result module Valid = struct type err = [ | L.lerr - | `ParseError of Kdl.error + | `ParseError of string | `OneRequired of string list | `OnlyOneOf of string list | `InvalidLatestCmd of string diff --git a/lib/manifest.ml b/lib/manifest.ml index 77c75f3..7bf2997 100644 --- a/lib/manifest.ml +++ b/lib/manifest.ml @@ -869,10 +869,11 @@ let read () = let working_dir = Working_directory.get () in let filepath = Eio.Path.(working_dir / filename) in Logs.info (fun m -> m "Reading manifest @@ %a โฆ" Eio.Path.pp filepath); - let* kdl = + let kdl_result = Eio.Path.with_open_in filepath @@ fun flow -> KDL.of_flow flow in + let* kdl = kdl_result |> Result.map_error (fun (`ParseError msg) -> `Parsing [`ParseError msg]) in let () = manifest := Some kdl in Ok kdl |