From 3964db36da1ee691756b2bc67cff81e38145adb5 Mon Sep 17 00:00:00 2001 From: Jeff Gaston Date: Tue, 24 Oct 2017 15:24:24 -0700 Subject: [PATCH 1/2] Implement validate-paths-are-subdirs Test: m -j nothing # which runs unit tests Bug: 68056327 Change-Id: I1094f2134af28695ea2376134ea463d34cd63676 --- core/definitions.mk | 92 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) diff --git a/core/definitions.mk b/core/definitions.mk index d0009ee9e..12a8b1ed2 100644 --- a/core/definitions.mk +++ b/core/definitions.mk @@ -3187,6 +3187,98 @@ ifeq ($(TEST_MAKE_clean_path),true) endif endif +########################################################### +## Given a filepath, returns nonempty if the path cannot be +## validated to be contained in the current directory +## This is, this function checks for '/' and '..' +## +## $(1): path to validate +define try-validate-path-is-subdir +$(strip + $(if $(filter /%,$(1)), + $(1) starts with a slash + ) + $(if $(filter ../%,$(call clean-path,$(1))), + $(1) escapes its parent using '..' + ) + $(if $(strip $(1)), + , + '$(1)' is empty + ) +) +endef + +define validate-path-is-subdir +$(if $(call try-validate-path-is-subdir,$(1)), + $(call pretty-error, Illegal path: $(call try-validate-path-is-subdir,$(1))) +) +endef + +########################################################### +## Given a space-delimited list of filepaths, returns +## nonempty if any cannot be validated to be contained in +## the current directory +## +## $(1): path list to validate +define try-validate-paths-are-subdirs +$(strip \ + $(foreach my_path,$(1),\ + $(call try-validate-path-is-subdir,$(my_path))\ + ) +) +endef + +define validate-paths-are-subdirs +$(if $(call try-validate-paths-are-subdirs,$(1)), + $(call pretty-error,Illegal paths:\'$(call try-validate-paths-are-subdirs,$(1))\') +) +endef + +########################################################### +## Tests of try-validate-path-is-subdir +## and try-validate-paths-are-subdirs +define test-validate-paths-are-subdirs +$(eval my_error := $(call try-validate-path-is-subdir,/tmp)) \ +$(if $(call streq,$(my_error),/tmp starts with a slash), +, + $(error incorrect error message for path /tmp. Got '$(my_error)') +) \ +$(eval my_error := $(call try-validate-path-is-subdir,../sibling)) \ +$(if $(call streq,$(my_error),../sibling escapes its parent using '..'), +, + $(error incorrect error message for path ../sibling. Got '$(my_error)') +) \ +$(eval my_error := $(call try-validate-path-is-subdir,child/../../sibling)) \ +$(if $(call streq,$(my_error),child/../../sibling escapes its parent using '..'), +, + $(error incorrect error message for path child/../../sibling. Got '$(my_error)') +) \ +$(eval my_error := $(call try-validate-path-is-subdir,)) \ +$(if $(call streq,$(my_error),'' is empty), +, + $(error incorrect error message for empty path ''. Got '$(my_error)') +) \ +$(eval my_error := $(call try-validate-path-is-subdir,subdir/subsubdir)) \ +$(if $(call streq,$(my_error),), +, + $(error rejected valid path 'subdir/subsubdir'. Got '$(my_error)') +) + +$(eval my_error := $(call try-validate-paths-are-subdirs,a/b /c/d e/f)) +$(if $(call streq,$(my_error),/c/d starts with a slash), +, + $(error incorrect error message for path list 'a/b /c/d e/f'. Got '$(my_error)') +) +$(eval my_error := $(call try-validate-paths-are-subdirs,a/b c/d)) +$(if $(call streq,$(my_error),), +, + $(error rejected valid path list 'a/b c/d'. Got '$(my_error)') +) +endef +# run test +$(strip $(call test-validate-paths-are-subdirs)) + + ########################################################### ## Other includes ########################################################### From 07d390204ca785b512c928111902d8ab97755f63 Mon Sep 17 00:00:00 2001 From: Jeff Gaston Date: Tue, 24 Oct 2017 16:11:42 -0700 Subject: [PATCH 2/2] Validate args passed by jacoco.mk to rm -rf Test: m -j showcommands dist ANDROID_COMPILE_WITH_JACK=false EMMA_INSTRUMENT=true EMMA_INSTRUMENT_FRAMEWORK=true SKIP_BOOT_JARS_CHECK=true WITH_DEXPREOPT=false tests Bug: 68056327 Change-Id: I30a83721b8cab91445bde9d3608266942f6d0997 --- core/jacoco.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/jacoco.mk b/core/jacoco.mk index 33d45d5e7..9e6fd07ba 100644 --- a/core/jacoco.mk +++ b/core/jacoco.mk @@ -52,6 +52,8 @@ ifeq ($(LOCAL_EMMA_INSTRUMENT),true) my_files := $(intermediates.COMMON)/jacoco + $(call validate-paths-are-subdirs,$(my_exclude_args)) + # make a task that unzips the classes that we want to instrument from the # input jar my_unzipped_path := $(my_files)/work/classes-to-instrument/classes