github
/
gixy
mirror of https://github.com/yandex/gixy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[alias_traversal] Minor improvements + respects path in the alias directive: 

- alias /foo/bar/ -> HIGH severity
  - alias /foo/bar -> MEDIUM severity
pull/72/head
Andrew Krasichkov 2017-11-10 12:22:25 +03:00
parent 2a922f37cc
commit ea7d771ab6
7 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
gixy/directives/directive.py
View File

@ -131,3 +131,11 @@ class RootDirective(Directive):
@property @property
def variables(self): def variables(self):
return [Variable(name='document_root', value=self.path, provider=self)] return [Variable(name='document_root', value=self.path, provider=self)]
class AliasDirective(Directive):
nginx_name = 'alias'
def __init__(self, name, args):
super(AliasDirective, self).__init__(name, args)
self.path = args[0]

9
gixy/plugins/alias_traversal.py
View File

@ -11,7 +11,8 @@ class alias_traversal(Plugin):
""" """
summary = 'Path traversal via misconfigured alias.' summary = 'Path traversal via misconfigured alias.'
severity = gixy.severity.HIGH severity = gixy.severity.HIGH
description = 'TODO' description = 'Using alias in a prefixed location that doesn\'t ends with directory separator could lead to path ' \
'traversal vulnerability. '
help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md' help_url = 'https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md'
directives = ['alias'] directives = ['alias']
@ -19,8 +20,12 @@ class alias_traversal(Plugin):
for location in directive.parents: for location in directive.parents:
if location.name != 'location': if location.name != 'location':
continue continue
if not location.modifier or location.modifier == '^~': if not location.modifier or location.modifier == '^~':
# We need non-strict prefixed locations # We need non-strict prefixed locations
if not location.path.endswith('/'): if not location.path.endswith('/'):
self.add_issue(directive=[directive, location]) self.add_issue(
severity=gixy.severity.HIGH if directive.path.endswith('/') else gixy.severity.MEDIUM,
directive=[directive, location]
)
break break

2
tests/plugins/simply/alias_traversal/config.json
View File

@ -1,3 +1,3 @@
{ {
"severity": "HIGH" "severity": ["MEDIUM", "HIGH"]
} }

3
tests/plugins/simply/alias_traversal/not_slashed_alias.conf Normal file
View File

@ -0,0 +1,3 @@
location /files {
alias /home;
}

3
tests/plugins/simply/alias_traversal/not_slashed_alias_fp.conf Normal file
View File

@ -0,0 +1,3 @@
location /files/ {
alias /home;
}

3
tests/plugins/simply/alias_traversal/slashed_alias.conf Normal file
View File

@ -0,0 +1,3 @@
location /files {
alias /home/;
}

3
tests/plugins/simply/alias_traversal/slashed_alias_fp.conf Normal file
View File

@ -0,0 +1,3 @@
location /files/ {
alias /home/;
}