Merge branch 'hotfix.1' into next

Signed-off-by: Sayan Nandan <nandansayan@outlook.com>

.gitignore

@@ -3,4 +3,5 @@
 data.bin
 /server/snapshots
 snapstore.bin
-snapstore.partmap
+snapstore.partmap
+/snapshots 

.idea/workspace.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="CMakeRunConfigurationManager" shouldGenerate="true" shouldDeleteObsolete="true">
+    <generated />
+  </component>
+  <component name="CMakeSettings">
+    <configurations>
+      <configuration PROFILE_NAME="Debug" CONFIG_NAME="Debug" ENABLED="true" />
+    </configurations>
+  </component>
+  <component name="CargoProjects">
+    <cargoProject FILE="$PROJECT_DIR$/Cargo.toml" />
+  </component>
+  <component name="ChangeListManager">
+    <list default="true" id="05446e12-25fb-4f56-ae52-664b69a61212" name="Default Changelist" comment="">
+      <change beforePath="$PROJECT_DIR$/server/src/main.rs" beforeDir="false" afterPath="$PROJECT_DIR$/server/src/main.rs" afterDir="false" />
+    </list>
+    <option name="SHOW_DIALOG" value="false" />
+    <option name="HIGHLIGHT_CONFLICTS" value="true" />
+    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
+    <option name="LAST_RESOLUTION" value="IGNORE" />
+  </component>
+  <component name="ClangdSettings">
+    <option name="formatViaClangd" value="false" />
+  </component>
+  <component name="Git.Settings">
+    <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
+  </component>
+  <component name="GitSEFilterConfiguration">
+    <file-type-list>
+      <filtered-out-file-type name="LOCAL_BRANCH" />
+      <filtered-out-file-type name="REMOTE_BRANCH" />
+      <filtered-out-file-type name="TAG" />
+      <filtered-out-file-type name="COMMIT_BY_MESSAGE" />
+    </file-type-list>
+  </component>
+  <component name="MacroExpansionManager">
+    <option name="directoryName" value="k3yyr5y2" />
+  </component>
+  <component name="ProjectId" id="1mjP2LZbFlEc2swjliVmxauGK9Q" />
+  <component name="ProjectLevelVcsManager" settingsEditedManually="true" />
+  <component name="ProjectViewState">
+    <option name="hideEmptyMiddlePackages" value="true" />
+    <option name="showLibraryContents" value="true" />
+    <option name="showVisibilityIcons" value="true" />
+  </component>
+  <component name="PropertiesComponent">
+    <property name="RunOnceActivity.OpenProjectViewOnStart" value="true" />
+    <property name="RunOnceActivity.ShowReadmeOnStart" value="true" />
+    <property name="WebServerToolWindowFactoryState" value="false" />
+    <property name="cf.first.check.clang-format" value="false" />
+    <property name="last_opened_file_path" value="$PROJECT_DIR$" />
+    <property name="nodejs_package_manager_path" value="npm" />
+    <property name="org.rust.cargo.project.model.PROJECT_DISCOVERY" value="true" />
+  </component>
+  <component name="RustProjectSettings">
+    <option name="toolchainHomeDirectory" value="$USER_HOME$/.cargo/bin" />
+  </component>
+  <component name="SpellCheckerSettings" RuntimeDictionaries="0" Folders="0" CustomDictionaries="0" DefaultDictionary="application-level" UseSingleDictionary="true" transferred="true" />
+  <component name="TaskManager">
+    <task active="true" id="Default" summary="Default task">
+      <changelist id="05446e12-25fb-4f56-ae52-664b69a61212" name="Default Changelist" comment="" />
+      <created>1610003825159</created>
+      <option name="number" value="Default" />
+      <option name="presentableId" value="Default" />
+      <updated>1610003825159</updated>
+      <workItem from="1610003832233" duration="85000" />
+      <workItem from="1610003959549" duration="724000" />
+    </task>
+    <servers />
+  </component>
+  <component name="TypeScriptGeneratedFilesManager">
+    <option name="version" value="3" />
+  </component>
+</project>

Cargo.lock

@@ -241,9 +241,9 @@ dependencies = [
 
 [[package]]
 name = "getrandom"
-version = "0.2.1"
+version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4060f4657be78b8e766215b02b18a2e862d83745545de804638e2b545e81aee6"
+checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8"
 dependencies = [
  "cfg-if",
  "libc",
@@ -252,9 +252,9 @@ dependencies = [
 
 [[package]]
 name = "hermit-abi"
-version = "0.1.17"
+version = "0.1.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5aca5565f760fb5b220e499d72710ed156fdb74e631659e99377d9ebfbd13ae8"
+checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c"
 dependencies = [
  "libc",
 ]
@@ -309,9 +309,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 
 [[package]]
 name = "libc"
-version = "0.2.82"
+version = "0.2.86"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89203f3fba0a3795506acaad8ebce3c80c0af93f994d5a1d7a0b1eeb23271929"
+checksum = "b7282d924be3275cec7f6756ff4121987bc6481325397dde6ba3e7802b1a8b1c"
 
 [[package]]
 name = "libsky"
@@ -463,9 +463,9 @@ dependencies = [
 
 [[package]]
 name = "parking_lot_core"
-version = "0.8.2"
+version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ccb628cad4f84851442432c60ad8e1f607e29752d0bf072cbd0baf28aa34272"
+checksum = "fa7a782938e745763fe6907fc6ba86946d72f49fe7e21de074e08128a99fb018"
 dependencies = [
  "cfg-if",
  "instant",
@@ -477,18 +477,18 @@ dependencies = [
 
 [[package]]
 name = "pin-project"
-version = "1.0.4"
+version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95b70b68509f17aa2857863b6fa00bf21fc93674c7a8893de2f469f6aa7ca2f2"
+checksum = "96fa8ebb90271c4477f144354485b8068bd8f6b78b428b01ba892ca26caf0b63"
 dependencies = [
  "pin-project-internal",
 ]
 
 [[package]]
 name = "pin-project-internal"
-version = "1.0.4"
+version = "1.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "caa25a6393f22ce819b0f50e0be89287292fda8d425be38ee0ca14c4931d9e71"
+checksum = "758669ae3558c6f74bd2a18b41f7ac0b5a195aea6639d6a9b5e5d1ad5ba24c0b"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -573,9 +573,9 @@ dependencies = [
 
 [[package]]
 name = "rand_core"
-version = "0.6.1"
+version = "0.6.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c026d7df8b298d90ccbbc5190bd04d85e159eaf5576caeacf8741da93ccbd2e5"
+checksum = "34cf66eb183df1c5876e2dcf6b13d57340741e8dc255b48e40a26de954d06ae7"
 dependencies = [
  "getrandom",
 ]
@@ -591,9 +591,12 @@ dependencies = [
 
 [[package]]
 name = "redox_syscall"
-version = "0.1.57"
+version = "0.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce"
+checksum = "94341e4e44e24f6b591b59e47a8a027df12e008d73fd5672dbea9cc22f4507d9"
+dependencies = [
+ "bitflags",
+]
 
 [[package]]
 name = "regex"
@@ -786,11 +789,11 @@ dependencies = [
 
 [[package]]
 name = "thread_local"
-version = "1.1.0"
+version = "1.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb9bc092d0d51e76b2b19d9d85534ffc9ec2db959a2523cdae0697e2972cd447"
+checksum = "8018d24e04c95ac8790716a5987d0fec4f8b27249ffa0f7d33f1369bdfb88cbd"
 dependencies = [
- "lazy_static",
+ "once_cell",
 ]
 
 [[package]]

server/src/admin/mksnap.rs

@@ -34,7 +34,7 @@ use crate::resp::GroupBegin;
 use libsky::terrapipe::RespCodes;
 use libsky::TResult;
 use std::hint::unreachable_unchecked;
-use std::path::PathBuf;
+use std::path::{Component, PathBuf};
 
 /// Create a snapshot
 ///
@@ -121,6 +121,25 @@ pub async fn mksnap(handle: &CoreDB, con: &mut Con<'_>, act: ActionGroup) -> TRe
             let mut path = PathBuf::from(DIR_SNAPSHOT);
             path.push("remote");
             path.push(snapname.to_owned() + ".snapshot");
+            let illegal_snapshot = path
+                .components()
+                .filter(|dir| {
+                    // Sanitize snapshot name, to avoid directory traversal attacks
+                    // If the snapshot name has any root directory or parent directory, then
+                    // we'll allow it to pass through this adaptor.
+                    // As a result, this iterator will give us a count of the 'bad' components
+                    dir == &Component::RootDir || dir == &Component::ParentDir
+                })
+                .count()
+                != 0;
+            if illegal_snapshot {
+                con.write_response(GroupBegin(1)).await?;
+                return con
+                    .write_response(RespCodes::OtherError(Some(
+                        "err-invalid-snapshot-name".to_owned(),
+                    )))
+                    .await;
+            }
             let failed;
             {
                 match diskstore::flush_data(&path, &handle.acquire_read().get_ref()) {
@@ -146,4 +165,4 @@ pub async fn mksnap(handle: &CoreDB, con: &mut Con<'_>, act: ActionGroup) -> TRe
                 .await;
         }
     }
-}
+}

server/src/cli.yml

@@ -3,81 +3,79 @@ version: 0.5.1
 author: Sayan N. <ohsayan@outlook.com>
 about: The Skybase Database server
 args:
-  - config:
-      short: c
-      required: false
-      long: withconfig
-      value_name: cfgfile
-      help: Sets a configuration file to start sdb
-      takes_value: true
-  - restore:
-      short: r
-      required: false
-      long: restore
-      value_name: snapshotfile
-      help: Restores data from a previous snapshot
-      takes_value: true
-  - host:
-      short: h
-      required: false
-      long: host
-      value_name: host
-      help: Sets the host to which the server will bind
-      takes_value: true
-  - port:
-      short: p
-      required: false
-      long: port
-      value_name: port
-      help: Sets the port to which the server will bind
-      takes_value: true
-  - noart:
-      required: false
-      long: noart
-      help: Disables terminal artwork
-      takes_value: false
-  - nosave:
-      required: false
-      long: nosave
-      help: Disables automated background saving
-      takes_value: false
-  - saveduration:
-      required: false
-      long: saveduration
-      value_name: duration
-      short: S
-      takes_value: true
-      help: Set the BGSAVE duration
-  - snapevery:
-      required: false
-      long: snapevery
-      value_name: duration
-      help: Set the periodic snapshot duration
-      takes_value: true
-  - snapkeep:
-      required: false
-      long: snapkeep
-      value_name: count
-      help: Sets the number of most recent snapshots to keep
-      takes_value: true
-  - sslkey:
-      required: false
-      long: sslkey
-      short: k
-      value_name: key
-      help: Sets the PEM key file to use for SSL/TLS
-      takes_value: true
-  - sslchain:
-      required: false
-      long: sslchain
-      short: z
-      value_name: chain
-      help: Sets the PEM chain file to use for SSL/TLS
-      takes_value: true
-  - sslonly:
-      required: false
-      long: sslonly
-      takes_value: false
-      help: >-
-        Tells the server to only accept SSL connections and disables the non-SSL
-        port
+    - config:
+          short: c
+          required: false
+          long: withconfig
+          value_name: cfgfile
+          help: Sets a configuration file to start sdb
+          takes_value: true
+    - restore:
+          short: r
+          required: false
+          long: restore
+          value_name: snapshotfile
+          help: Restores data from a previous snapshot
+          takes_value: true
+    - host:
+          short: h
+          required: false
+          long: host
+          value_name: host
+          help: Sets the host to which the server will bind
+          takes_value: true
+    - port:
+          short: p
+          required: false
+          long: port
+          value_name: port
+          help: Sets the port to which the server will bind
+          takes_value: true
+    - noart:
+          required: false
+          long: noart
+          help: Disables terminal artwork
+          takes_value: false
+    - nosave:
+          required: false
+          long: nosave
+          help: Disables automated background saving
+          takes_value: false
+    - saveduration:
+          required: false
+          long: saveduration
+          value_name: duration
+          short: S
+          takes_value: true
+          help: Set the BGSAVE duration
+    - snapevery:
+          required: false
+          long: snapevery
+          value_name: duration
+          help: Set the periodic snapshot duration
+          takes_value: true
+    - snapkeep:
+          required: false
+          long: snapkeep
+          value_name: count
+          help: Sets the number of most recent snapshots to keep
+          takes_value: true
+    - sslkey:
+          required: false
+          long: sslkey
+          short: k
+          value_name: key
+          help: Sets the PEM key file to use for SSL/TLS
+          takes_value: true
+    - sslchain:
+          required: false
+          long: sslchain
+          short: z
+          value_name: chain
+          help: Sets the PEM chain file to use for SSL/TLS
+          takes_value: true
+    - sslonly:
+          required: false
+          long: sslonly
+          takes_value: false
+          help: Tells the server to only accept SSL connections and disables the non-SSL port

server/src/tests/kvengine.rs

@@ -667,4 +667,21 @@ mod __private {
         stream.read_exact(&mut response).await.unwrap();
         assert_eq!(res_should_be, response);
     }
+    async fn test_mksnap_sanitization() {
+        let res_should_be = "#2\n*1\n#2\n&1\n!25\nerr-invalid-snapshot-name\n"
+            .to_owned()
+            .into_bytes();
+        // First check parent directory syntax
+        let query = terrapipe::proc_query("MKSNAP ../../badsnappy");
+        stream.write_all(&query).await.unwrap();
+        let mut response = vec![0; res_should_be.len()];
+        stream.read_exact(&mut response).await.unwrap();
+        assert_eq!(res_should_be, response);
+        // Now check root directory syntax
+        let query = terrapipe::proc_query("MKSNAP /var/omgcrazysnappy");
+        stream.write_all(&query).await.unwrap();
+        let mut response = vec![0; res_should_be.len()];
+        stream.read_exact(&mut response).await.unwrap();
+        assert_eq!(res_should_be, response);
+    }
 }

sky-bench/src/cli.yml

@@ -24,7 +24,7 @@ version: 0.5.1
 author: Sayan N. <ohsayan@outlook.com>
 about: |
         The Skybase benchmark tool can be used to benchmark Skybase installations. 
-        If you find any issues, then report one here: https://github.com/Skybase/Skybase
+        If you find any issues, then report one here: https://github.com/skybasedb/skybase
 args:
         - connections:
                   short: c

sky-bench/src/main.rs

@@ -313,4 +313,4 @@ mod benchtool {
 
 fn main() {
     benchtool::runner();
-}
+}