From ea7d771ab6beec124f6d07ec918d05eeca76f3ed Mon Sep 17 00:00:00 2001
From: Andrew Krasichkov
Date: Fri, 10 Nov 2017 12:22:25 +0300
Subject: [PATCH] [alias_traversal] Minor improvements + respects path in the alias directive: - alias /foo/bar/ -> HIGH severity - alias /foo/bar -> MEDIUM severity
---
 gixy/directives/directive.py | 8 ++++++++
 gixy/plugins/alias_traversal.py | 9 +++++++--
 tests/plugins/simply/alias_traversal/config.json | 2 +-
 .../simply/alias_traversal/not_slashed_alias.conf | 3 +++
 .../simply/alias_traversal/not_slashed_alias_fp.conf | 3 +++
 tests/plugins/simply/alias_traversal/slashed_alias.conf | 3 +++
 .../plugins/simply/alias_traversal/slashed_alias_fp.conf | 3 +++
 7 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 tests/plugins/simply/alias_traversal/not_slashed_alias.conf
 create mode 100644 tests/plugins/simply/alias_traversal/not_slashed_alias_fp.conf
 create mode 100644 tests/plugins/simply/alias_traversal/slashed_alias.conf
 create mode 100644 tests/plugins/simply/alias_traversal/slashed_alias_fp.conf
diff --git a/gixy/directives/directive.py b/gixy/directives/directive.py
index e3b5e92..c15dee0 100644
--- a/gixy/directives/directive.py
+++ b/gixy/directives/directive.py
@@ -131,3 +131,11 @@ class RootDirective(Directive):
 @property
 def variables(self):
 return [Variable(name='document_root', value=self.path, provider=self)]
+
+
+class AliasDirective(Directive):
+ nginx_name = 'alias'
+
+ def __init__(self, name, args):
+ super(AliasDirective, self).__init__(name, args)
+ self.path = args[0]
diff --git a/gixy/plugins/alias_traversal.py b/gixy/plugins/alias_traversal.py
index 71dad5f..1ac957f 100644
--- a/gixy/plugins/alias_traversal.py
+++ b/gixy/plugins/alias_traversal.py
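Review bot: `self.path = args[0]` in the new `AliasDirective.__init__` assumes the directive always carries an argument, so a config containing a bare `alias;` would raise IndexError instead of producing a finding, unless the parser rejects it earlier (not visible in this patch). A guard such as `self.path = args[0] if args else ''` would keep the scan running on malformed input. The class also has no docstring; one line like `"""The 'alias' directive; path is the raw argument as written in the config."""` would tell plugin authors that `path` is not normalised or variable-expanded.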
@@ -11,7 +11,8 @@ class alias_traversal(Plugin):
 """
 summary = 'Path traversal via misconfigured alias.'
 severity = gixy.severity.HIGH
- description = 'TODO'
+ description = 'Using alias in a prefixed location that doesn\'t ends with directory separator could lead to path ' \
+ 'traversal vulnerability. '
 help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md'
 directives = ['alias']
@@ -19,8 +20,12 @@ class alias_traversal(Plugin):
 for location in directive.parents:
 if location.name != 'location':
 continue
+
 if not location.modifier or location.modifier == '^~':
 # We need non-strict prefixed locations
 if not location.path.endswith('/'):
- self.add_issue(directive=[directive, location])
+ self.add_issue(
+ severity=gixy.severity.HIGH if directive.path.endswith('/') else gixy.severity.MEDIUM,
+ directive=[directive, location]
+ )
 break
diff --git a/tests/plugins/simply/alias_traversal/config.json b/tests/plugins/simply/alias_traversal/config.json
index abad4d1..0402be0 100644
--- a/tests/plugins/simply/alias_traversal/config.json
+++ b/tests/plugins/simply/alias_traversal/config.json
@@ -1,3 +1,3 @@
 {
- "severity": "HIGH"
+ "severity": ["MEDIUM", "HIGH"]
 }
diff --git a/tests/plugins/simply/alias_traversal/not_slashed_alias.conf b/tests/plugins/simply/alias_traversal/not_slashed_alias.conf
new file mode 100644
index 0000000..ea0264a
--- /dev/null
+++ b/tests/plugins/simply/alias_traversal/not_slashed_alias.conf
@@ -0,0 +1,3 @@
+location /files {
+ alias /home;
+}
diff --git a/tests/plugins/simply/alias_traversal/not_slashed_alias_fp.conf b/tests/plugins/simply/alias_traversal/not_slashed_alias_fp.conf
new file mode 100644
index 0000000..acc2851
--- /dev/null
+++ b/tests/plugins/simply/alias_traversal/not_slashed_alias_fp.conf
@@ -0,0 +1,3 @@
+location /files/ {
+ alias /home;
+}
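Review bot: The new `description` is user-facing report text and reads "doesn't ends with directory separator"; it should be `doesn\'t end with a directory separator`, and the trailing space inside `'traversal vulnerability. '` can be dropped. The class attribute `severity = gixy.severity.HIGH` kept as context above no longer matches every finding, because the second hunk of this file can report MEDIUM. A comment next to it such as `# upper bound; audit() reports MEDIUM when the alias path has no trailing slash` would keep the two in step.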
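Review bot: The severity passed to `self.add_issue(...)` is decided by `directive.path.endswith('/')` on the raw alias argument, with no comment saying why the trailing slash matters. nginx allows variables in an alias path, so when the argument ends in a variable the last character says nothing about the resolved path and the finding may be under-rated as MEDIUM; keeping HIGH when `'$' in directive.path` would be the safer default. I would also add a comment above the call, e.g. `# alias ending in '/' lets the mapped path leave the aliased directory (HIGH); without it only names sharing the alias prefix are reachable (MEDIUM)`. The enclosing `audit` method starts outside the hunk.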
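Review bot: `"severity": ["MEDIUM", "HIGH"]` is set once for the whole fixture directory, so the tests apparently accept either level for every `.conf` file and cannot catch the two levels being swapped: `slashed_alias.conf` reported as MEDIUM would still pass. If the harness allows it (not visible in this patch), pin the expected severity per fixture. Otherwise add a unit test asserting HIGH for `alias /home/;` and MEDIUM for `alias /home;`, so the under-rating case is covered.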
diff --git a/tests/plugins/simply/alias_traversal/slashed_alias.conf b/tests/plugins/simply/alias_traversal/slashed_alias.conf
new file mode 100644
index 0000000..3b54b8c
--- /dev/null
+++ b/tests/plugins/simply/alias_traversal/slashed_alias.conf
@@ -0,0 +1,3 @@
+location /files {
+ alias /home/;
+}
diff --git a/tests/plugins/simply/alias_traversal/slashed_alias_fp.conf b/tests/plugins/simply/alias_traversal/slashed_alias_fp.conf
new file mode 100644
index 0000000..c30e22e
--- /dev/null
+++ b/tests/plugins/simply/alias_traversal/slashed_alias_fp.conf
@@ -0,0 +1,3 @@
+location /files/ {
+ alias /home/;
+}