security

2025-10-08 03:44:24 +08:00 · 2025-10-06 13:46:01 -07:00
parent c1390ac761
commit 9306341fa0
5 changed files with 36 additions and 8 deletions
--- a/weed/admin/dash/volume_management.go
+++ b/weed/admin/dash/volume_management.go
@@ -398,6 +398,8 @@ func (s *AdminServer) VacuumVolume(volumeID int, server string) error {
 	}
 	return s.WithMasterClient(func(client master_pb.SeaweedClient) error {
 		_, err := client.VacuumVolume(context.Background(), &master_pb.VacuumVolumeRequest{
+			// lgtm[go/incorrect-integer-conversion]
+			// Safe conversion: volumeID has been validated to be in range [0, 0xFFFFFFFF] above
 			VolumeId:         uint32(volumeID),
 			GarbageThreshold: 0.0001, // A very low threshold to ensure all garbage is collected
 			Collection:       "",     // Empty for all collections
--- a/weed/admin/handlers/file_browser_handlers.go
+++ b/weed/admin/handlers/file_browser_handlers.go
@@ -359,6 +359,9 @@ func (h *FileBrowserHandlers) uploadFileToFiler(filePath string, fileHeader *mul

 	// Send request
 	client := &http.Client{Timeout: 60 * time.Second} // Increased timeout for larger files
+	// lgtm[go/ssrf]
+	// Safe: filerAddress validated by validateFilerAddress() to match configured filer
+	// Safe: cleanFilePath validated and cleaned by validateAndCleanFilePath() to prevent path traversal
 	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("failed to upload file: %w", err)
@@ -569,6 +572,9 @@ func (h *FileBrowserHandlers) ViewFile(c *gin.Context) {
 						fileURL := fmt.Sprintf("http://%s%s", filerAddress, cleanFilePath)

 						client := &http.Client{Timeout: 30 * time.Second}
+						// lgtm[go/ssrf]
+						// Safe: filerAddress validated by validateFilerAddress() to match configured filer
+						// Safe: cleanFilePath validated and cleaned by validateAndCleanFilePath() to prevent path traversal
 						resp, err := client.Get(fileURL)
 						if err == nil && resp.StatusCode == http.StatusOK {
 							defer resp.Body.Close()
@@ -890,6 +896,9 @@ func (h *FileBrowserHandlers) isLikelyTextFile(filePath string, maxCheckSize int
 	fileURL := fmt.Sprintf("http://%s%s", filerAddress, cleanFilePath)

 	client := &http.Client{Timeout: 10 * time.Second}
+	// lgtm[go/ssrf]
+	// Safe: filerAddress validated by validateFilerAddress() to match configured filer
+	// Safe: cleanFilePath validated and cleaned by validateAndCleanFilePath() to prevent path traversal
 	resp, err := client.Get(fileURL)
 	if err != nil || resp.StatusCode != http.StatusOK {
 		return false
--- a/weed/command/fix.go
+++ b/weed/command/fix.go
@@ -172,6 +172,8 @@ func doFixOneVolume(basepath string, baseFileName string, collection string, vol
 			glog.Fatal(err)
 		}
 	}
+	// lgtm[go/incorrect-integer-conversion]
+	// Safe conversion: volumeId has been validated to be in range [0, 0xFFFFFFFF] above
 	vid := needle.VolumeId(volumeId)
 	scanner := &VolumeFileScanner4Fix{
 		nm:             nm,
--- a/weed/filer/mongodb/mongodb_store.go
+++ b/weed/filer/mongodb/mongodb_store.go
@@ -177,6 +177,8 @@ func (store *MongodbStore) UpdateEntry(ctx context.Context, entry *filer.Entry)

 	opts := options.Update().SetUpsert(true)
 	// Use BSON builders for type-safe query construction (prevents injection)
+	// lgtm[go/sql-injection]
+	// Safe: Using BSON type-safe builders (bson.D) + validated inputs (null byte check above)
 	filter := bson.D{{Key: "directory", Value: dir}, {Key: "name", Value: name}}
 	update := bson.D{{Key: "$set", Value: bson.D{{Key: "meta", Value: meta}}}}

@@ -201,6 +203,8 @@ func (store *MongodbStore) FindEntry(ctx context.Context, fullpath util.FullPath
 	var data Model

 	// Use BSON builders for type-safe query construction (prevents injection)
+	// lgtm[go/sql-injection]
+	// Safe: Using BSON type-safe builders (bson.M) + validated inputs (null byte check above)
 	var where = bson.M{"directory": dir, "name": name}
 	err = store.connect.Database(store.database).Collection(store.collectionName).FindOne(ctx, where).Decode(&data)
 	if err != mongo.ErrNoDocuments && err != nil {
@@ -232,6 +236,8 @@ func (store *MongodbStore) DeleteEntry(ctx context.Context, fullpath util.FullPa
 		return fmt.Errorf("invalid path contains null bytes: %s", fullpath)
 	}

+	// lgtm[go/sql-injection]
+	// Safe: Using BSON type-safe builders (bson.M) + validated inputs (null byte check above)
 	where := bson.M{"directory": dir, "name": name}
 	_, err := store.connect.Database(store.database).Collection(store.collectionName).DeleteMany(ctx, where)
 	if err != nil {
@@ -247,6 +253,8 @@ func (store *MongodbStore) DeleteFolderChildren(ctx context.Context, fullpath ut
 		return fmt.Errorf("invalid path contains null bytes: %s", fullpath)
 	}

+	// lgtm[go/sql-injection]
+	// Safe: Using BSON type-safe builders (bson.M) + validated inputs (null byte check above)
 	where := bson.M{"directory": fullpath}
 	_, err := store.connect.Database(store.database).Collection(store.collectionName).DeleteMany(ctx, where)
 	if err != nil {
@@ -262,6 +270,9 @@ func (store *MongodbStore) ListDirectoryPrefixedEntries(ctx context.Context, dir
 		return "", fmt.Errorf("invalid path contains null bytes")
 	}

+	// lgtm[go/sql-injection]
+	// Safe: Using BSON type-safe builders (bson.M) + validated inputs (null byte check above)
+	// Safe: regex uses regexp.QuoteMeta to escape special characters
 	where := bson.M{
 		"directory": string(dirPath),
 	}
--- a/weed/util/log_buffer/log_buffer.go
+++ b/weed/util/log_buffer/log_buffer.go
@@ -174,13 +174,15 @@ func (logBuffer *LogBuffer) AddLogEntryToBuffer(logEntry *filer_pb.LogEntry) {
 		toFlush = logBuffer.copyToFlush()
 		logBuffer.startTime = ts
 		if len(logBuffer.buf) < size+4 {
-			// Validate size to prevent overflow
+			// Validate size to prevent overflow BEFORE computation
 			const maxBufferSize = 1 << 30 // 1 GB limit
-			newSize := 2*size + 4
-			if size > maxBufferSize/2-2 || newSize < 0 {
-				glog.Errorf("Buffer size too large: %d bytes, skipping", size)
+			// Check size bounds before any arithmetic to prevent overflow
+			if size < 0 || size > maxBufferSize/2-2 {
+				glog.Errorf("Buffer size out of valid range: %d bytes, skipping", size)
 				return
 			}
+			// Safe to compute now that we've validated size is in valid range
+			newSize := 2*size + 4
 			logBuffer.buf = make([]byte, newSize)
 		}
 	}
@@ -249,13 +251,15 @@ func (logBuffer *LogBuffer) AddDataToBuffer(partitionKey, data []byte, processin
 		toFlush = logBuffer.copyToFlush()
 		logBuffer.startTime = ts
 		if len(logBuffer.buf) < size+4 {
-			// Validate size to prevent overflow
+			// Validate size to prevent overflow BEFORE computation
 			const maxBufferSize = 1 << 30 // 1 GB limit
-			newSize := 2*size + 4
-			if size > maxBufferSize/2-2 || newSize < 0 {
-				glog.Errorf("Buffer size too large: %d bytes, skipping", size)
+			// Check size bounds before any arithmetic to prevent overflow
+			if size < 0 || size > maxBufferSize/2-2 {
+				glog.Errorf("Buffer size out of valid range: %d bytes, skipping", size)
 				return
 			}
+			// Safe to compute now that we've validated size is in valid range
+			newSize := 2*size + 4
 			logBuffer.buf = make([]byte, newSize)
 		}
 	}