[alias_traversal] Minor improvements + respects path in the alias directive:

- alias /foo/bar/ -> HIGH severity - alias /foo/bar -> MEDIUM severity
2017-11-10 12:22:25 +03:00 · 2017-11-10 12:22:25 +03:00 · ea7d771ab6
parent 2a922f37cc
commit ea7d771ab6
7 changed files with 28 additions and 3 deletions
--- a/gixy/directives/directive.py
+++ b/gixy/directives/directive.py
@ -131,3 +131,11 @@ class RootDirective(Directive):
    @property
    def variables(self):
        return [Variable(name='document_root', value=self.path, provider=self)]
+
+
+class AliasDirective(Directive):
+    nginx_name = 'alias'
+
+    def __init__(self, name, args):
+        super(AliasDirective, self).__init__(name, args)
+        self.path = args[0]
--- a/gixy/plugins/alias_traversal.py
+++ b/gixy/plugins/alias_traversal.py
@ -11,7 +11,8 @@ class alias_traversal(Plugin):
    """
    summary = 'Path traversal via misconfigured alias.'
    severity = gixy.severity.HIGH
-    description = 'TODO'
+    description = 'Using alias in a prefixed location that doesn\'t ends with directory separator could lead to path ' \
+                  'traversal vulnerability. '
    help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md'
    directives = ['alias']

@ -19,8 +20,12 @@ class alias_traversal(Plugin):
        for location in directive.parents:
            if location.name != 'location':
                continue
+
            if not location.modifier or location.modifier == '^~':
                # We need non-strict prefixed locations
                if not location.path.endswith('/'):
-                    self.add_issue(directive=[directive, location])
+                    self.add_issue(
+                        severity=gixy.severity.HIGH if directive.path.endswith('/') else gixy.severity.MEDIUM,
+                        directive=[directive, location]
+                    )
            break
--- a/tests/plugins/simply/alias_traversal/config.json
+++ b/tests/plugins/simply/alias_traversal/config.json
@ -1,3 +1,3 @@
 {
-  "severity": "HIGH"
+  "severity": ["MEDIUM", "HIGH"]
 }
--- a/tests/plugins/simply/alias_traversal/not_slashed_alias.conf
+++ b/tests/plugins/simply/alias_traversal/not_slashed_alias.conf
@ -0,0 +1,3 @@
+location /files {
+    alias /home;
+}
--- a/tests/plugins/simply/alias_traversal/not_slashed_alias_fp.conf
+++ b/tests/plugins/simply/alias_traversal/not_slashed_alias_fp.conf
@ -0,0 +1,3 @@
+location /files/ {
+    alias /home;
+}
--- a/tests/plugins/simply/alias_traversal/slashed_alias.conf
+++ b/tests/plugins/simply/alias_traversal/slashed_alias.conf
@ -0,0 +1,3 @@
+location /files {
+    alias /home/;
+}
--- a/tests/plugins/simply/alias_traversal/slashed_alias_fp.conf
+++ b/tests/plugins/simply/alias_traversal/slashed_alias_fp.conf
@ -0,0 +1,3 @@
+location /files/ {
+    alias /home/;
+}