rust/ripgrep
1
0
Fork 0
mirror of https://github.com/BurntSushi/ripgrep.git synced 2024-12-12 19:18:24 +02:00
Code Issues Releases Activity
229d1a8d41
ripgrep/crates/core
History
Andrew Gallant 229d1a8d41
cli: fix arbitrary execution of program bug 
This fixes a bug only present on Windows that would permit someone to
execute an arbitrary program if they crafted an appropriate directory
tree. Namely, if someone put an executable named 'xz.exe' in the root of
a directory tree and one ran 'rg -z foo' from the root of that tree,
then the 'xz.exe' executable in that tree would execute if there are any
'xz' files anywhere in the tree.

The root cause of this problem is that 'CreateProcess' on Windows will
implicitly look in the current working directory for an executable when
it is given a relative path to a program. Rust's standard library allows
this behavior to occur, so we work around it here. We work around it by
explicitly resolving programs like 'xz' via 'PATH'. That way, we only
ever pass an absolute path to 'CreateProcess', which avoids the implicit
behavior of checking the current working directory.

This fix doesn't apply to non-Windows systems as it is believed to only
impact Windows. In theory, the bug could apply on Unix if '.' is in
one's PATH, but at that point, you reap what you sow.

While the extent to which this is a security problem isn't clear, I
think users generally expect to be able to download or clone
repositories from the Internet and run ripgrep on them without fear of
anything too awful happening. Being able to execute an arbitrary program
probably violates that expectation. Therefore, CVE-2021-3013[1] was
created for this issue.

We apply the same logic to the --pre command, since the --pre command is
likely in a user's config file and it would be surprising for something
that the user is searching to modify which preprocessor command is used.

The --pre and -z/--search-zip flags are the only two ways that ripgrep
will invoke external programs, so this should cover any possible
exploitable cases of this bug.

[1] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3013
2021-05-29 09:36:48 -04:00
..
app.rs doc: fix typo in --engine flag docs 2021-05-08 15:35:44 -04:00
args.rs cli: fix arbitrary execution of program bug 2021-05-29 09:36:48 -04:00
config.rs repo: move all source code in crates directory 2020-02-17 19:24:53 -05:00
logger.rs repo: move all source code in crates directory 2020-02-17 19:24:53 -05:00
main.rs repo: move all source code in crates directory 2020-02-17 19:24:53 -05:00
messages.rs repo: move all source code in crates directory 2020-02-17 19:24:53 -05:00
path_printer.rs style: fix rust-analyzer lints in core 2020-03-15 09:04:54 -04:00
README.md repo: make ripgrep build with the new organization 2020-02-17 19:24:53 -05:00
search.rs cli: fix arbitrary execution of program bug 2021-05-29 09:36:48 -04:00
subject.rs style: fix rust-analyzer lints in core 2020-03-15 09:04:54 -04:00

README.md

ripgrep core

This is the core ripgrep crate. In particular, main.rs is where the main function lives.

Most of ripgrep core consists of two things:

  • The definition of the CLI interface, including docs for every flag.
  • Glue code that brings the grep-matcher, grep-regex, grep-searcher and grep-printer crates together to actually execute the search.

Currently, there are no plans to make ripgrep core available as an independent library. However, much of the heavy lifting of ripgrep is done via its constituent crates, which can be reused independent of ripgrep. Unfortunately, there is no guide or tutorial to teach folks how to do this yet.