fix(wechat): sanitize media file_name to block path traversal in _dl_media#609
Open
kevinchennewbee wants to merge 1 commit into
`_dl_media` takes `file_name` straight from the inbound message payload
(attacker-controllable) and joins it onto `_TEMP_DIR` before writing the
decrypted bytes:
```python
fname = sub.get('file_name') or f'{uuid...}{ext}'
p = os.path.join(_TEMP_DIR, fname); open(p, 'wb').write(pt)
```
`os.path.join(base, '../../x')` (or an absolute path) escapes `_TEMP_DIR`,
so a remote sender can write attacker-chosen content to an arbitrary path
on the bot host — e.g. drop a file into an autoload location. It is a write
primitive reachable by anyone who can message the bot.
Fix: collapse the inbound name to its basename before use. A normal
filename has no directory component, so basename is the identity for
legitimate names and behavior is unchanged; only `../` / absolute paths
are neutralized. Empty names still fall through to the uuid fallback.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Symptom
`_dl_media` in `frontends/wechatapp.py` uses the `file_name` from the inbound message directly as the on-disk name for the decrypted media content. `file_name` comes from the sender's message and is attacker-controllable.
Root cause
`os.path.join(base, '../../x')` (or an absolute path) escapes `_TEMP_DIR`. Anyone who can message the bot can write content they control to an arbitrary path on the host, e.g. drop it into an autostart directory. This is a remotely reachable arbitrary-write primitive.
Fix
Collapse the inbound name to its basename before writing to disk. A normal filename has no directory component, so basename is the identity and legitimate behavior is completely unchanged; only `../` / absolute paths are neutralized. Empty names still go through the original uuid fallback.
Tested
`python3 -m py_compile frontends/wechatapp.py` passes. `../../../../etc/cron.d/evil` → `evil`, `/root/.bashrc` → `.bashrc`, `photo.jpg` → `photo.jpg` (identity), empty name → uuid fallback. Single-file, single-line change; behavior for legitimate filenames is unchanged.
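The before/after name handling the commit message describes, as an added example that is not code from the PR or the project: `unsafe_target` reproduces the join-as-is behaviour, `safe_target` the basename fix, and a containment check on the resolved path is added as defence in depth. `_TEMP_DIR`, the function names and the `.bin` extension are assumptions standing in for the values in `wechatapp.py`.

```python
import os
import uuid

# Added example, not the project's code. _TEMP_DIR, the helper names and the
# ".bin" extension are assumptions standing in for the values in wechatapp.py.
_TEMP_DIR = "/tmp/wechat_media"


def unsafe_target(file_name, ext=".bin"):
    """'Before': the inbound name is joined onto _TEMP_DIR as-is.

    os.path.join discards the base when given an absolute path and does not
    normalise '..', so the result can lie outside _TEMP_DIR.
    """
    fname = file_name or f"{uuid.uuid4().hex}{ext}"
    return os.path.join(_TEMP_DIR, fname)


def safe_target(file_name, ext=".bin"):
    """'After': collapse to basename, uuid fallback for empty names.

    Goes slightly beyond the PR's one-line change: '.' and '..' (which
    basename returns unchanged) also take the uuid fallback, and the final
    path is checked to resolve inside _TEMP_DIR as defence in depth.
    """
    fname = os.path.basename(file_name or "")
    if fname in ("", ".", ".."):
        fname = f"{uuid.uuid4().hex}{ext}"
    p = os.path.join(_TEMP_DIR, fname)
    if not is_inside_temp(p):
        raise ValueError(f"refusing media path outside _TEMP_DIR: {p!r}")
    return p


def is_inside_temp(path):
    """True if `path` resolves to _TEMP_DIR itself or a descendant of it."""
    base = os.path.realpath(_TEMP_DIR)
    return os.path.commonpath([base, os.path.realpath(path)]) == base


if __name__ == "__main__":
    # Constructed inbound names: the PR's own test cases plus '..'.
    for name in ["photo.jpg", "../../../../etc/cron.d/evil", "/root/.bashrc", "", ".."]:
        print(f"{name!r:32} before_inside={is_inside_temp(unsafe_target(name))!s:5} "
              f"after={os.path.basename(safe_target(name))}")
```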