From 7ce9de201708eb3b69b7dd8dee7c0b9ded15e905 Mon Sep 17 00:00:00 2001
From: Sean Hall
Date: Wed, 16 Dec 2020 20:39:02 -0600
Subject: Canonicalize Payload/@Name.
---
 .../ExtensibilityServices/BackendHelper.cs | 8 +++++++
 .../ExtensibilityServices/ParseHelper.cs | 27 ++++++++++++++++++----
 2 files changed, 30 insertions(+), 5 deletions(-)
(limited to 'src/WixToolset.Core')
diff --git a/src/WixToolset.Core/ExtensibilityServices/BackendHelper.cs b/src/WixToolset.Core/ExtensibilityServices/BackendHelper.cs
index e4b6e959..7b20286c 100644
--- a/src/WixToolset.Core/ExtensibilityServices/BackendHelper.cs
+++ b/src/WixToolset.Core/ExtensibilityServices/BackendHelper.cs
@@ -15,10 +15,13 @@ namespace WixToolset.Core.ExtensibilityServices
 public BackendHelper(IWixToolsetServiceProvider serviceProvider)
 {
 this.Messaging = serviceProvider.GetService();
+ this.ParseHelper = serviceProvider.GetService();
 }
 
 private IMessaging Messaging { get; }
 
+ private IParseHelper ParseHelper { get; }
+
 public IFileTransfer CreateFileTransfer(string source, string destination, bool move, SourceLineNumber sourceLineNumbers = null)
 {
 var sourceFullPath = this.GetValidatedFullPath(sourceLineNumbers, source);
@@ -49,6 +52,11 @@ namespace WixToolset.Core.ExtensibilityServices
 };
 }
 
+ public string GetCanonicalRelativePath(SourceLineNumber sourceLineNumbers, string elementName, string attributeName, string relativePath)
+ {
+ return this.ParseHelper.GetCanonicalRelativePath(sourceLineNumbers, elementName, attributeName, relativePath);
+ }
+
 public ITrackedFile TrackFile(string path, TrackedFileType type, SourceLineNumber sourceLineNumbers = null)
 {
 return new TrackedFile(path, type, sourceLineNumbers);
diff --git a/src/WixToolset.Core/ExtensibilityServices/ParseHelper.cs b/src/WixToolset.Core/ExtensibilityServices/ParseHelper.cs
index af3f40aa..de5595e1 100644
--- a/src/WixToolset.Core/ExtensibilityServices/ParseHelper.cs
+++ b/src/WixToolset.Core/ExtensibilityServices/ParseHelper.cs
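Review bot: The new public `BackendHelper.GetCanonicalRelativePath` (BackendHelper.cs, hunk `@@ -49,6 +52,11 @@`) has no XML doc comment, and its failure contract cannot be read from the signature. Per the ParseHelper implementation added in this same commit, it writes a warning and returns the rewritten path when canonicalization changes the input, and it writes `PayloadMustBeRelativeToCache` and returns the input unchanged when the path is rooted. A backend caller that uses the return value to build a file location needs to know that the value returned on the error path has not been validated. I would add `/// <summary>Canonicalizes a relative path; on failure an error is written and the original, unvalidated path is returned.</summary>` above the method.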
@@ -540,11 +540,7 @@ namespace WixToolset.Core.ExtensibilityServices
 }
 else if (allowRelative)
 {
- var normalizedPath = value.Replace('\\', '/');
- if (normalizedPath.StartsWith("../", StringComparison.Ordinal) || normalizedPath.Contains("/../"))
- {
- this.Messaging.Write(ErrorMessages.PayloadMustBeRelativeToCache(sourceLineNumbers, attribute.Parent.Name.LocalName, attribute.Name.LocalName, value));
- }
+ value = this.GetCanonicalRelativePath(sourceLineNumbers, attribute.Parent.Name.LocalName, attribute.Name.LocalName, value);
 }
 else if (CompilerCore.IsAmbiguousFilename(value))
 {
@@ -705,6 +701,27 @@ namespace WixToolset.Core.ExtensibilityServices
 }
 }
 
+ public string GetCanonicalRelativePath(SourceLineNumber sourceLineNumbers, string elementName, string attributeName, string relativePath)
+ {
+ const string root = @"C:\";
+ if (!Path.IsPathRooted(relativePath))
+ {
+ var normalizedPath = Path.GetFullPath(root + relativePath);
+ if (normalizedPath.StartsWith(root))
+ {
+ var canonicalizedPath = normalizedPath.Substring(root.Length);
+ if (canonicalizedPath != relativePath)
+ {
+ this.Messaging.Write(WarningMessages.PathCanonicalized(sourceLineNumbers, elementName, attributeName, relativePath, canonicalizedPath));
+ }
+ return canonicalizedPath;
+ }
+ }
+
+ this.Messaging.Write(ErrorMessages.PayloadMustBeRelativeToCache(sourceLineNumbers, elementName, attributeName, relativePath));
+ return relativePath;
+ }
+
 public SourceLineNumber GetSourceLineNumbers(XElement element)
 {
 return Preprocessor.GetSourceLineNumbers(element);
-- 
cgit v1.2.3-55-g6feb
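Review bot: Inputs that the removed check rejected are now accepted in the `allowRelative` branch (ParseHelper.cs, hunk `@@ -540,11 +540,7 @@`): the old code wrote `PayloadMustBeRelativeToCache` for a leading `../` or an embedded `/../`, while the replacement call resolves those segments and, per the helper added later in this commit, only emits the `PathCanonicalized` warning. Because `Path.GetFullPath` does not climb above the `C:\` root, a value such as `..\..\x` appears to come back as `x` instead of failing the build. If downgrading a path that tries to leave the cache folder from an error to a warning is intended, a comment such as `// ".." segments are resolved, not rejected; see GetCanonicalRelativePath` and a test for the leading-`..` case would stop a later reader from treating it as a regression. Otherwise an explicit check for a leading `..` segment should stay in front of the call. The enclosing method starts and ends outside the hunk.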
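Review bot: `normalizedPath.StartsWith(root)` in the new `ParseHelper.GetCanonicalRelativePath` (hunk `@@ -705,6 +701,27 @@`) uses the culture-sensitive overload, whereas the code this commit removes passed `StringComparison.Ordinal`; a path-prefix test should be ordinal, `if (normalizedPath.StartsWith(root, StringComparison.Ordinal))`. Two things to confirm as well: `Path.IsPathRooted` and `Path.GetFullPath` can throw on attribute values containing characters that are invalid in paths (on .NET Framework at least), which would surface as an unhandled exception rather than a source-line diagnostic, and the hard-coded `C:\` root would presumably make the `StartsWith` test fail for every input when the compiler runs on a non-Windows host. The method also deserves a doc comment stating that on the error path it returns `relativePath` unchanged, so callers do not treat the return value as already validated.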