From b2274baba2e11c8cf8901b0c5c871e5b27f1f6dd Mon Sep 17 00:00:00 2001 From: Daniel <845765@qq.com> Date: Sun, 18 Jan 2026 17:23:26 +0800 Subject: [PATCH] :lock: Arbitrary file reading vulnerability https://github.com/siyuan-note/siyuan/issues/16860 Signed-off-by: Daniel <845765@qq.com> --- kernel/api/file.go | 16 +++++++- kernel/model/assets.go | 13 +++++- kernel/util/path.go | 92 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 118 insertions(+), 3 deletions(-) diff --git a/kernel/api/file.go b/kernel/api/file.go index 5d7543bde..444e7233d 100644 --- a/kernel/api/file.go +++ b/kernel/api/file.go @@ -66,14 +66,26 @@ func globalCopyFiles(c *gin.Context) { srcs = append(srcs, s.(string)) } - for _, src := range srcs { - if !filelock.IsExist(src) { + for i, src := range srcs { + absSrc, _ := filepath.Abs(src) + + if !filelock.IsExist(absSrc) { msg := fmt.Sprintf("file [%s] does not exist", src) logging.LogErrorf(msg) ret.Code = -1 ret.Msg = msg return } + + if util.IsSensitivePath(absSrc) { + msg := fmt.Sprintf("refuse to copy sensitive file [%s]", src) + logging.LogErrorf(msg) + ret.Code = -2 + ret.Msg = msg + return + } + + srcs[i] = absSrc } destDir := arg["destDir"].(string) // 相对于工作空间的路径 diff --git a/kernel/model/assets.go b/kernel/model/assets.go index 5f6dfdabf..6ca2aa97f 100644 --- a/kernel/model/assets.go +++ b/kernel/model/assets.go @@ -248,7 +248,18 @@ func netAssets2LocalAssets0(tree *parse.Tree, onlyImg bool, originalURL string, u = u[:strings.Index(u, "?")] } - if !gulu.File.IsExist(u) || gulu.File.IsDir(u) { + if !gulu.File.IsExist(u) { + logging.LogErrorf("local file asset [%s] not exist", u) + continue + } + + if gulu.File.IsDir(u) { + logging.LogWarnf("ignore converting directory path [%s] to local asset", u) + continue + } + + if util.IsSensitivePath(u) { + logging.LogWarnf("ignore converting sensitive path [%s] to local asset", u) continue } diff --git a/kernel/util/path.go b/kernel/util/path.go index fd4a1d5e4..2b5a81957 100644 --- a/kernel/util/path.go +++ b/kernel/util/path.go @@ -347,3 +347,95 @@ func IsPartitionRootPath(path string) bool { return cleanPath == "/" } } + +// IsSensitivePath 对传入路径做统一的敏感性检测。 +func IsSensitivePath(p string) bool { + if p == "" { + return false + } + pp := filepath.Clean(strings.ToLower(p)) + + // 精确敏感文件 + exact := []string{ + "/etc/passwd", + "/etc/shadow", + "/etc/gshadow", + "/var/run/secrets/kubernetes.io/serviceaccount/token", + } + for _, e := range exact { + if pp == e { + return true + } + } + + // 敏感目录前缀(UNIX 风格) + prefixes := []string{ + "/etc/ssh", + "/root", + "/etc/ssl", + "/etc/letsencrypt", + "/var/lib/docker", + "/.gnupg", + "/.ssh", + "/.aws", + "/.kube", + "/.docker", + "/.config/gcloud", + } + for _, pre := range prefixes { + if strings.HasPrefix(pp, pre) { + return true + } + } + + // Windows 常见敏感目录(小写比较) + winPrefixes := []string{ + `c:\windows\system32`, + `c:\windows\system`, + `c:\users\`, + } + for _, wp := range winPrefixes { + if strings.HasPrefix(pp, strings.ToLower(wp)) { + return true + } + } + + // 文件名级别检查 + base := filepath.Base(pp) + n := strings.ToLower(base) + sensitiveNames := map[string]struct{}{ + ".env": {}, + ".env.local": {}, + ".npmrc": {}, + ".netrc": {}, + "id_rsa": {}, + "id_dsa": {}, + "id_ecdsa": {}, + "id_ed25519": {}, + "authorized_keys": {}, + "passwd": {}, + "shadow": {}, + "pgpass": {}, + "credentials": {}, // 如 aws credentials + "config.json": {}, // docker config.json 可能含 token + } + if _, ok := sensitiveNames[n]; ok { + return true + } + // 支持 .env.* 之类的模式 + if n == ".env" || strings.HasPrefix(n, ".env.") { + return true + } + + // 扩展名级别检查 + ext := strings.ToLower(filepath.Ext(n)) + sensitiveExts := []string{ + ".pem", ".key", ".p12", ".pfx", ".ppk", ".asc", ".gpg", + } + for _, se := range sensitiveExts { + if ext == se { + return true + } + } + return false +}