Sanitising path to avoid references to parent folders #26944

Merged
merged 1 commit into from
Nov 21, 2024

@MarcelKemp MarcelKemp commented Nov 21, 2024

Related issue
#26962

Description

With this PR we sanitise the paths that the manager sends to the agent, so we avoid problems due to possible references to parent folders.

Now, when a reference to the parent folder is found, a warning message appears and the file is discarded, continuing with the rest of the files that the manager tries to send.

Tests

The following is a real case, where we can see how it is avoided, with the warning also appearing.

2024/11/21 12:31:32 wazuh-agent: WARNING: Invalid file ' \\..\local_internal_options.conf
', vulnerable to directory traversal attack. Ignoring.
2024/11/21 12:31:32 wazuh-agent: WARNING: Unknown message received. No action defined.
2024/11/21 12:31:32 wazuh-agent: WARNING: Invalid file ' \\..\dummy_file.txt
', vulnerable to directory traversal attack. Ignoring.
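
A minimal sketch of the kind of check the description refers to, as an added example rather than the code merged in this PR: it rejects any received file name that has a `..` component, logs a warning, and continues with the remaining names. The helper names and the sample batch are assumptions; the two rejected names mirror the ones in the log above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a Wazuh function: true if any component of
 * `name` is exactly "..", with both slash and backslash as separators. */
static bool has_parent_ref(const char *name) {
    const char *p = name;
    while (*p != '\0') {
        size_t len = strcspn(p, "/\\");      /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            return true;
        }
        p += len;
        if (*p != '\0') {
            p++;                              /* step over the separator */
        }
    }
    return false;
}

/* Copies accepted names to `out` and returns their count. A rejected name
 * is logged and skipped, so the rest of the batch is still processed. */
static size_t filter_names(const char *const *names, size_t n, const char **out) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        if (has_parent_ref(names[i])) {
            fprintf(stderr, "WARNING: Invalid file '%s', vulnerable to "
                            "directory traversal attack. Ignoring.\n", names[i]);
            continue;
        }
        out[kept++] = names[i];
    }
    return kept;
}

/* Constructed sample batch; entries 0 and 2 mirror the names in the log. */
static size_t run_sample(void) {
    const char *const names[] = {
        " \\\\..\\local_internal_options.conf\n", "agent.conf",
        " \\\\..\\dummy_file.txt\n", "notes..txt", "shared/rules.xml",
    };
    const char *kept[5];
    return filter_names(names, 5, kept);
}

int main(void) {
    printf("accepted %zu of 5 names\n", run_sample());
    return 0;
}
```

Matching whole components rather than searching for the substring `..` keeps legitimate names such as `notes..txt` from being rejected.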

@MarcelKemp MarcelKemp requested a review from vikman90 November 21, 2024 11:43
@MarcelKemp MarcelKemp self-assigned this Nov 21, 2024

@lchico lchico left a comment

LGTM!

@MarcelKemp MarcelKemp merged commit 6230916 into 4.10.0 Nov 21, 2024
23 checks passed
@MarcelKemp MarcelKemp deleted the fix/1796-path-sanitization branch November 21, 2024 12:50
@MarcelKemp MarcelKemp linked an issue Nov 22, 2024 that may be closed by this pull request
Development

Successfully merging this pull request may close these issues.

Improve File Path Handling in Agent Communications