Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: adds fs access check at startup time #1030

Merged
merged 9 commits into from
Apr 23, 2024
Merged

chore: adds fs access check at startup time #1030

merged 9 commits into from
Apr 23, 2024

Conversation

M4tteoP
Copy link
Member

@M4tteoP M4tteoP commented Mar 31, 2024
edited
Loading

Fix #1007

@codecov Codecov
Copy link

codecov bot commented Mar 31, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 76.47059% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 83.01%. Comparing base (4ff1f76) to head (a6b7f38).
Report is 29 commits behind head on main.

Files Patch % Lines
internal/seclang/directives.go 60.00% 2 Missing ⚠️
waf.go 33.33% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1030      +/-   ##
==========================================
+ Coverage   82.72%   83.01%   +0.29%     
==========================================
  Files         162      163       +1     
  Lines        9080     7636    -1444     
==========================================
- Hits         7511     6339    -1172     
+ Misses       1319     1044     -275     
- Partials      250      253       +3
Flag Coverage Δ
default 83.01% <76.47%> (+5.17%) ⬆️
examples 83.01% <76.47%> (+56.58%) ⬆️
ftw 83.01% <76.47%> (+35.64%) ⬆️
ftw-multiphase 83.01% <76.47%> (+33.47%) ⬆️
tinygo 83.01% <76.47%> (+7.61%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jcchavezs
jcchavezs reviewed Apr 1, 2024
View reviewed changes
internal/environment/checks.go Outdated
}
defer file.Close()

_, err = file.WriteString("check fs data")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure this check is 100% needed as CreateTemp is creating a file and opening it for writing hence not sure about the need of actually writing in it, also if we need that I'd write a single byte as that seems to be enough cc @anuraaga

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I took a better look at CreateTemp, and your thoughts are reasonable. I've removed it for now

@M4tteoP M4tteoP marked this pull request as ready for review April 1, 2024 20:54
@M4tteoP M4tteoP requested a review from a team as a code owner April 1, 2024 20:54
@M4tteoP M4tteoP mentioned this pull request Apr 1, 2024
Closed
jcchavezs
jcchavezs reviewed Apr 2, 2024
View reviewed changes
internal/environment/checks.go Outdated

// IsDirWritable is a helper function to check if the WAF has access to the filesystem
func IsDirWritable(logger debuglog.Logger, dir string) error {
if !HasAccessToFS {
Copy link
Member

@jcchavezs jcchavezs Apr 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd rather decouple this from the other as we are mixing two concerns here. Also it is possible that for tinygo.wasm we could panic to make sure we don't call this when HasAccessToFS is false cc @anuraaga

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I split the function based on the build tag and wrapped it checking HasAccessToFS. PTAL

jcchavezs
jcchavezs reviewed Apr 9, 2024
View reviewed changes
internal/environment/nofsaccess.go
// IsDirWritable is a helper function to check if the WAF has access to the filesystem
// It is unexpected to call this function when no_fs_access build tag is enabled
func IsDirWritable(logger debuglog.Logger, dir string) error {
panic("Unexpected call to IsDirWritable with no_fs_access build tag")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @anuraaga

@jcchavezs jcchavezs added the v3.2 label Apr 11, 2024
@jcchavezs
Copy link
Member

Any input on this @anuraaga otherwise I think we can merge it.

@jcchavezs jcchavezs merged commit 5c29235 into corazawaf:main Apr 23, 2024
8 of 9 checks passed
@jcchavezs jcchavezs deleted the adds_fs_access_check branch April 23, 2024 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcchavezs jcchavezs jcchavezs left review comments

@anuraaga anuraaga anuraaga approved these changes

Assignees
No one assigned
Labels
v3.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Misconfiguration errors to help adoption
3 participants
@M4tteoP @jcchavezs @anuraaga