Skip to content

Commit

Permalink
Fix security issue in sio.executors.encdec_common
Browse files Browse the repository at this point in the history
  • Loading branch information
top-sekret committed Apr 24, 2023
1 parent 66526ba commit 8efec4c
Showing 1 changed file with 20 additions and 7 deletions.
27 changes: 20 additions & 7 deletions sio/executors/encdec_common.py
Original file line number Diff line number Diff line change
@@ -1,20 +1,16 @@
from __future__ import absolute_import
import os
import logging
from shutil import rmtree
from shutil import copy2, rmtree
import tempfile
from zipfile import ZipFile, is_zipfile
from sio.executors.checker import _limit_length
from sio.executors.common import _run_core
from sio.workers import ft
from sio.workers.executors import ExecError, PRootExecutor, UnprotectedExecutor
from sio.workers.util import decode_fields, replace_invalid_UTF, tempcwd
from sio.workers.util import decode_fields, replace_invalid_UTF, tempcwd, TemporaryCwd
from sio.workers.file_runners import get_file_runner

# TODO XXX FIXME
# Hide the files like enc_in or hint from the contestants
# Would not be nice if someone just sideloaded enc_in in decoder

import six

logger = logging.getLogger(__name__)
Expand Down Expand Up @@ -214,6 +210,23 @@ def _run_checker(environ, use_sandboxes=False):
return False


def _run_decoder_hide_files(environ, file_executor, exe_filename, use_sandboxes, orig_dir):
# We now have quite a lot of interes
# be nice if some decoder read them.
with TemporaryCwd() as new_dir:
# Copy the executable and input
for f in 'dec_in', exe_filename:
copy2(os.path.join(orig_dir, f), tempcwd(f))

renv = _run_decoder(environ, file_executor, exe_filename, use_sandboxes)

# Copy the output
for f in 'dec_out',:
copy2(tempcwd(f), os.path.join(orig_dir, f))

return renv


def run(environ, executor, use_sandboxes=True):
"""
Common code for executors.
Expand Down Expand Up @@ -244,7 +257,7 @@ def run(environ, executor, use_sandboxes=True):
if not _run_channel(environ, use_sandboxes):
return environ

renv = _run_decoder(environ, file_executor, exe_filename, use_sandboxes)
renv = _run_decoder_hide_files(environ, file_executor, exe_filename, use_sandboxes, tempcwd())
_populate_environ(renv, environ, "decoder_")

if renv["result_code"] != "OK":
Expand Down

0 comments on commit 8efec4c

Please sign in to comment.