 |
Kea 3.1.9
|
|
Kea 3.1.9
|
Embodies a supported path against which file paths can be validated. More...
#include <filesystem.h>
Public Member Functions | |
| PathChecker (const std::string default_path, const std::string env_name="") | |
| Constructor. | |
| virtual | ~PathChecker () |
| Destructor. | |
| std::string | getDefaultPath () const |
| Fetches the default path. | |
| std::string | getEnvName () const |
| Fetches the environment variable name. | |
| std::string | getPath (bool reset=false, const std::string explicit_path="") |
| Fetches the supported path. | |
| bool | isDefaultOverridden () |
| Indicates if the default path has been overridden. | |
| bool | pathHasPermissions (mode_t permissions, bool enforce_perms=shouldEnforceSecurity()) const |
| Check if the path has expected permissions. | |
| std::string | validateDirectory (const std::string input_path_str, bool enforce_path=shouldEnforceSecurity()) const |
| Validates a directory against a supported path. | |
| std::string | validatePath (const std::string input_path_str, bool enforce_path=shouldEnforceSecurity()) const |
| Validates a file path against a supported path. | |
Static Public Member Functions | |
| static void | enableEnforcement (bool enable) |
| Enables or disables security enforcement checks. | |
| static bool | shouldEnforceSecurity () |
| Indicates security checks should be enforced. | |
Embodies a supported path against which file paths can be validated.
Definition at line 222 of file filesystem.h.
| isc::util::file::PathChecker::PathChecker | ( | const std::string | default_path, |
| const std::string | env_name = "" ) |
Constructor.
Makes a call to getPath(true) to initialize the supported path.
| default_path | path to use unless overridden by explicitly or via environment variable. |
| env_name | name of environment variable (if one), that can override the default path. |
Definition at line 255 of file filesystem.cc.
References getPath().
|
inlinevirtual |
Destructor.
Definition at line 235 of file filesystem.h.
|
static |
Enables or disables security enforcement checks.
| enable | true to enable security checks, false to disable. |
Definition at line 365 of file filesystem.cc.
Referenced by main(), and isc::process::DControllerBase::parseArgs().
|
inline |
Fetches the default path.
Definition at line 304 of file filesystem.h.
|
inline |
Fetches the environment variable name.
Definition at line 309 of file filesystem.h.
| std::string isc::util::file::PathChecker::getPath | ( | bool | reset = false, |
| const std::string | explicit_path = "" ) |
Fetches the supported path.
When called with reset=true it will calculate the supported path as follows:
| reset | recalculate when true, defaults to false. |
| explicit_path | set the default path to this value. This is for testing purposes only. |
Definition at line 263 of file filesystem.cc.
Referenced by PathChecker().
| bool isc::util::file::PathChecker::isDefaultOverridden | ( | ) |
Indicates if the default path has been overridden.
Definition at line 357 of file filesystem.cc.
| bool isc::util::file::PathChecker::pathHasPermissions | ( | mode_t | permissions, |
| bool | enforce_perms = shouldEnforceSecurity() ) const |
Check if the path has expected permissions.
| permissions | The expected permissions. |
| enforce_perms | Enables permsissions check. If false the function simply returns true. |
Definition at line 351 of file filesystem.cc.
References isc::util::file::hasPermissions().
|
static |
Indicates security checks should be enforced.
Definition at line 361 of file filesystem.cc.
Referenced by isc::config::HttpCommandConfig::HttpCommandConfig(), main(), isc::d2::TSIGKeyInfoParser::parse(), isc::http::BasicHttpAuthConfig::parse(), isc::d2::D2Process::run(), and isc::config::UnixCommandConfig::validatePath().
| std::string isc::util::file::PathChecker::validateDirectory | ( | const std::string | input_path_str, |
| bool | enforce_path = shouldEnforceSecurity() ) const |
Validates a directory against a supported path.
Used to validate a string that represents a directory that may or may not end with a "/" (i.e "/foo/bar", bar is assumed to be the a directory, not a file.
If the input is empty or it matches the supported path, it returns the supported path. Otherwise it throws an error.
| input_path_str | file path to validate. |
| enforce_path | If true throw SecurityError when validation against the supported path fails, if false throw SecurityWarn. |
| SecurityError | if the path does not match the supported path and security is being enforced, SecurityWarn if it is not being enforced. |
Definition at line 324 of file filesystem.cc.
References isc_throw.
| std::string isc::util::file::PathChecker::validatePath | ( | const std::string | input_path_str, |
| bool | enforce_path = shouldEnforceSecurity() ) const |
Validates a file path against a supported path.
If the input path specifies a parent path and file name, the parent path is validated against the supported path. If they match, the function returns the validated path. If the input path contains only a file name the function returns valid path using the supported path and the input path name.
| input_path_str | file path to validate. |
| enforce_path | If true throw SecurityError when validation against the supported path fails, if false throw SecurityWarn. |
| BadValue | if the input path does not include a file name. |
| SecurityError | if the parent path does not path the supported path and security is being enforced, SecurityWarn if it is not being enforced. |
Definition at line 292 of file filesystem.cc.
References isc::util::file::Path::filename(), isc_throw, isc::util::file::Path::parentDirectory(), isc::util::file::Path::parentPath(), isc::util::file::Path::str(), and isc::util::str::trim().
1.16.1