sprints and audit work

2026-01-07 09:36:16 +02:00
parent 05833e0af2
commit ab364c6032
377 changed files with 64534 additions and 1627 deletions
--- a/src/AirGap/StellaOps.AirGap.Importer/Validation/RuleBundleValidator.cs
+++ b/src/AirGap/StellaOps.AirGap.Importer/Validation/RuleBundleValidator.cs
@@ -128,7 +128,14 @@ public sealed class RuleBundleValidator
        var digestErrors = new List<string>();
        foreach (var file in manifest.Files)
        {
-            var filePath = Path.Combine(request.BundleDirectory, file.Name);
+            // Validate path to prevent traversal attacks
+            if (!PathValidation.IsSafeRelativePath(file.Name))
+            {
+                digestErrors.Add($"unsafe-path:{file.Name}");
+                continue;
+            }
+
+            var filePath = PathValidation.SafeCombine(request.BundleDirectory, file.Name);
            if (!File.Exists(filePath))
            {
                digestErrors.Add($"file-missing:{file.Name}");
@@ -345,3 +352,81 @@ internal sealed class RuleBundleFileEntry
    public string Digest { get; set; } = string.Empty;
    public long SizeBytes { get; set; }
 }
+
+/// <summary>
+/// Utility methods for path validation and security.
+/// </summary>
+internal static class PathValidation
+{
+    /// <summary>
+    /// Validates that a relative path does not escape the bundle root.
+    /// </summary>
+    public static bool IsSafeRelativePath(string? relativePath)
+    {
+        if (string.IsNullOrWhiteSpace(relativePath))
+        {
+            return false;
+        }
+
+        // Check for absolute paths
+        if (Path.IsPathRooted(relativePath))
+        {
+            return false;
+        }
+
+        // Check for path traversal sequences
+        var normalized = relativePath.Replace('\\', '/');
+        var segments = normalized.Split('/', StringSplitOptions.RemoveEmptyEntries);
+
+        var depth = 0;
+        foreach (var segment in segments)
+        {
+            if (segment == "..")
+            {
+                depth--;
+                if (depth < 0)
+                {
+                    return false;
+                }
+            }
+            else if (segment != ".")
+            {
+                depth++;
+            }
+        }
+
+        // Also check for null bytes
+        if (relativePath.Contains('\0'))
+        {
+            return false;
+        }
+
+        return true;
+    }
+
+    /// <summary>
+    /// Combines a root path with a relative path, validating that the result does not escape the root.
+    /// </summary>
+    public static string SafeCombine(string rootPath, string relativePath)
+    {
+        if (!IsSafeRelativePath(relativePath))
+        {
+            throw new ArgumentException(
+                $"Invalid relative path: path traversal or absolute path detected in '{relativePath}'",
+                nameof(relativePath));
+        }
+
+        var combined = Path.GetFullPath(Path.Combine(rootPath, relativePath));
+        var normalizedRoot = Path.GetFullPath(rootPath);
+
+        // Ensure the combined path starts with the root path
+        if (!combined.StartsWith(normalizedRoot, StringComparison.OrdinalIgnoreCase))
+        {
+            throw new ArgumentException(
+                $"Path '{relativePath}' escapes root directory",
+                nameof(relativePath));
+        }
+
+        return combined;
+    }
+}