mirror of
https://github.com/jellyfin/jellyfin.git
synced 2026-07-15 10:43:30 +01:00
Add DLL whitelist support for plugins
This commit is contained in:
@@ -1,4 +1,5 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using Emby.Server.Implementations.Library;
|
||||
using Xunit;
|
||||
|
||||
@@ -73,5 +74,47 @@ namespace Jellyfin.Server.Implementations.Tests.Library
|
||||
Assert.False(PathExtensions.TryReplaceSubPath(path, subPath, newSubPath, out var result));
|
||||
Assert.Null(result);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(null, '/', null)]
|
||||
[InlineData(null, '\\', null)]
|
||||
[InlineData("/home/jeff/myfile.mkv", '\\', "\\home\\jeff\\myfile.mkv")]
|
||||
[InlineData("C:\\Users\\Jeff\\myfile.mkv", '/', "C:/Users/Jeff/myfile.mkv")]
|
||||
[InlineData("\\home/jeff\\myfile.mkv", '\\', "\\home\\jeff\\myfile.mkv")]
|
||||
[InlineData("\\home/jeff\\myfile.mkv", '/', "/home/jeff/myfile.mkv")]
|
||||
[InlineData("", '/', "")]
|
||||
public void NormalizePath_SpecifyingSeparator_Normalizes(string path, char separator, string expectedPath)
|
||||
{
|
||||
Assert.Equal(expectedPath, path.NormalizePath(separator));
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData("/home/jeff/myfile.mkv")]
|
||||
[InlineData("C:\\Users\\Jeff\\myfile.mkv")]
|
||||
[InlineData("\\home/jeff\\myfile.mkv")]
|
||||
public void NormalizePath_NoArgs_UsesDirectorySeparatorChar(string path)
|
||||
{
|
||||
var separator = Path.DirectorySeparatorChar;
|
||||
|
||||
Assert.Equal(path.Replace('\\', separator).Replace('/', separator), path.NormalizePath());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData("/home/jeff/myfile.mkv", '/')]
|
||||
[InlineData("C:\\Users\\Jeff\\myfile.mkv", '\\')]
|
||||
[InlineData("\\home/jeff\\myfile.mkv", '/')]
|
||||
public void NormalizePath_OutVar_Correct(string path, char expectedSeparator)
|
||||
{
|
||||
var result = path.NormalizePath(out var separator);
|
||||
|
||||
Assert.Equal(expectedSeparator, separator);
|
||||
Assert.Equal(path.Replace('\\', separator).Replace('/', separator), result);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void NormalizePath_SpecifyInvalidSeparator_ThrowsException()
|
||||
{
|
||||
Assert.Throws<ArgumentException>(() => string.Empty.NormalizePath('a'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,12 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Text.Json;
|
||||
using Emby.Server.Implementations.Library;
|
||||
using Emby.Server.Implementations.Plugins;
|
||||
using Jellyfin.Extensions.Json;
|
||||
using Jellyfin.Extensions.Json.Converters;
|
||||
using MediaBrowser.Common.Plugins;
|
||||
using MediaBrowser.Model.Plugins;
|
||||
using Microsoft.Extensions.Logging.Abstractions;
|
||||
using Xunit;
|
||||
|
||||
@@ -40,6 +45,136 @@ namespace Jellyfin.Server.Implementations.Tests.Plugins
|
||||
Assert.Equal(manifest.Status, res.Manifest.Status);
|
||||
Assert.Equal(manifest.AutoUpdate, res.Manifest.AutoUpdate);
|
||||
Assert.Equal(manifest.ImagePath, res.Manifest.ImagePath);
|
||||
Assert.Equal(manifest.Assemblies, res.Manifest.Assemblies);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Tests safe traversal within the plugin directory.
|
||||
/// </summary>
|
||||
/// <param name="dllFile">The safe path to evaluate.</param>
|
||||
[Theory]
|
||||
[InlineData("./some.dll")]
|
||||
[InlineData("some.dll")]
|
||||
[InlineData("sub/path/some.dll")]
|
||||
public void Constructor_DiscoversSafePluginAssembly_Status_Active(string dllFile)
|
||||
{
|
||||
var manifest = new PluginManifest
|
||||
{
|
||||
Id = Guid.NewGuid(),
|
||||
Name = "Safe Assembly",
|
||||
Assemblies = new string[] { dllFile }
|
||||
};
|
||||
|
||||
var filename = Path.GetFileName(dllFile)!;
|
||||
var (tempPath, pluginPath) = GetTestPaths("safe");
|
||||
|
||||
Directory.CreateDirectory(Path.Combine(pluginPath, dllFile.Replace(filename, string.Empty, StringComparison.OrdinalIgnoreCase)));
|
||||
File.Create(Path.Combine(pluginPath, dllFile));
|
||||
|
||||
var options = GetTestSerializerOptions();
|
||||
var data = JsonSerializer.Serialize(manifest, options);
|
||||
var metafilePath = Path.Combine(tempPath, "safe", "meta.json");
|
||||
|
||||
File.WriteAllText(metafilePath, data);
|
||||
|
||||
var pluginManager = new PluginManager(new NullLogger<PluginManager>(), null!, null!, tempPath, new Version(1, 0));
|
||||
|
||||
var res = JsonSerializer.Deserialize<PluginManifest>(File.ReadAllText(metafilePath), options);
|
||||
|
||||
var expectedFullPath = Path.Combine(pluginPath, dllFile).Canonicalize();
|
||||
|
||||
Assert.NotNull(res);
|
||||
Assert.NotEmpty(pluginManager.Plugins);
|
||||
Assert.Equal(PluginStatus.Active, res!.Status);
|
||||
Assert.Equal(expectedFullPath, pluginManager.Plugins[0].DllFiles[0]);
|
||||
Assert.StartsWith(Path.Combine(tempPath, "safe"), expectedFullPath, StringComparison.InvariantCulture);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Tests unsafe attempts to traverse to higher directories.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Attempts to load directories outside of the plugin should be
|
||||
/// constrained. Path traversal, shell expansion, and double encoding
|
||||
/// can be used to load unintended files.
|
||||
/// See <see href="https://owasp.org/www-community/attacks/Path_Traversal"/> for more.
|
||||
/// </remarks>
|
||||
/// <param name="unsafePath">The unsafe path to evaluate.</param>
|
||||
[Theory]
|
||||
[InlineData("/some.dll")] // Root path.
|
||||
[InlineData("../some.dll")] // Simple traversal.
|
||||
[InlineData("C:\\some.dll")] // Windows root path.
|
||||
[InlineData("test.txt")] // Not a DLL
|
||||
[InlineData(".././.././../some.dll")] // Traversal with current and parent
|
||||
[InlineData("..\\.\\..\\.\\..\\some.dll")] // Windows traversal with current and parent
|
||||
[InlineData("\\\\network\\resource.dll")] // UNC Path
|
||||
[InlineData("https://jellyfin.org/some.dll")] // URL
|
||||
[InlineData("....//....//some.dll")] // Path replacement risk if a single "../" replacement occurs.
|
||||
[InlineData("~/some.dll")] // Tilde poses a shell expansion risk, but is a valid path character.
|
||||
public void Constructor_DiscoversUnsafePluginAssembly_Status_Malfunctioned(string unsafePath)
|
||||
{
|
||||
var manifest = new PluginManifest
|
||||
{
|
||||
Id = Guid.NewGuid(),
|
||||
Name = "Unsafe Assembly",
|
||||
Assemblies = new string[] { unsafePath }
|
||||
};
|
||||
|
||||
var (tempPath, pluginPath) = GetTestPaths("unsafe");
|
||||
|
||||
Directory.CreateDirectory(pluginPath);
|
||||
|
||||
var files = new string[]
|
||||
{
|
||||
"../other.dll",
|
||||
"some.dll"
|
||||
};
|
||||
|
||||
foreach (var file in files)
|
||||
{
|
||||
File.Create(Path.Combine(pluginPath, file));
|
||||
}
|
||||
|
||||
var options = GetTestSerializerOptions();
|
||||
var data = JsonSerializer.Serialize(manifest, options);
|
||||
var metafilePath = Path.Combine(tempPath, "unsafe", "meta.json");
|
||||
|
||||
File.WriteAllText(metafilePath, data);
|
||||
|
||||
var pluginManager = new PluginManager(new NullLogger<PluginManager>(), null!, null!, tempPath, new Version(1, 0));
|
||||
|
||||
var res = JsonSerializer.Deserialize<PluginManifest>(File.ReadAllText(metafilePath), options);
|
||||
|
||||
Assert.NotNull(res);
|
||||
Assert.Empty(pluginManager.Plugins);
|
||||
Assert.Equal(PluginStatus.Malfunctioned, res!.Status);
|
||||
}
|
||||
|
||||
private JsonSerializerOptions GetTestSerializerOptions()
|
||||
{
|
||||
var options = new JsonSerializerOptions(JsonDefaults.Options)
|
||||
{
|
||||
WriteIndented = true
|
||||
};
|
||||
|
||||
for (var i = 0; i < options.Converters.Count; i++)
|
||||
{
|
||||
// Remove the Guid converter for parity with plugin manager.
|
||||
if (options.Converters[i] is JsonGuidConverter converter)
|
||||
{
|
||||
options.Converters.Remove(converter);
|
||||
}
|
||||
}
|
||||
|
||||
return options;
|
||||
}
|
||||
|
||||
private (string TempPath, string PluginPath) GetTestPaths(string pluginFolderName)
|
||||
{
|
||||
var tempPath = Path.Combine(_testPathRoot, "plugins-" + Path.GetRandomFileName());
|
||||
var pluginPath = Path.Combine(tempPath, pluginFolderName);
|
||||
|
||||
return (tempPath, pluginPath);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,7 +13,8 @@
|
||||
"targetAbi": "10.6.0.0",
|
||||
"sourceUrl": "https://repo.jellyfin.org/releases/plugin/anime/anime_10.0.0.0.zip",
|
||||
"checksum": "93e969adeba1050423fc8817ed3c36f8",
|
||||
"timestamp": "2020-08-17T01:41:13Z"
|
||||
"timestamp": "2020-08-17T01:41:13Z",
|
||||
"assemblies": [ "Jellyfin.Plugin.Anime.dll" ]
|
||||
},
|
||||
{
|
||||
"version": "9.0.0.0",
|
||||
@@ -21,9 +22,10 @@
|
||||
"targetAbi": "10.6.0.0",
|
||||
"sourceUrl": "https://repo.jellyfin.org/releases/plugin/anime/anime_9.0.0.0.zip",
|
||||
"checksum": "9b1cebff835813e15f414f44b40c41c8",
|
||||
"timestamp": "2020-07-20T01:30:16Z"
|
||||
"timestamp": "2020-07-20T01:30:16Z",
|
||||
"assemblies": [ "Jellyfin.Plugin.Anime.dll" ]
|
||||
}
|
||||
]
|
||||
]
|
||||
},
|
||||
{
|
||||
"guid": "70b7b43b-471b-4159-b4be-56750c795499",
|
||||
@@ -681,4 +683,4 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
]
|
||||
|
||||
@@ -106,5 +106,19 @@ namespace Jellyfin.Server.Implementations.Tests.Updates
|
||||
var ex = await Record.ExceptionAsync(() => _installationManager.InstallPackage(packageInfo, CancellationToken.None)).ConfigureAwait(false);
|
||||
Assert.Null(ex);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public async Task InstallPackage_WithAssemblies_Success()
|
||||
{
|
||||
PackageInfo[] packages = await _installationManager.GetPackages(
|
||||
"Jellyfin Stable",
|
||||
"https://repo.jellyfin.org/releases/plugin/manifest-stable.json",
|
||||
false);
|
||||
|
||||
packages = _installationManager.FilterPackages(packages, "Anime").ToArray();
|
||||
Assert.Single(packages);
|
||||
Assert.NotEmpty(packages[0].Versions[0].Assemblies);
|
||||
Assert.Equal("Jellyfin.Plugin.Anime.dll", packages[0].Versions[0].Assemblies[0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user