File Sandboxing, Directory Limiting, and Multiple Template Sources
Pre-release
This patch was authored and released by @tdotclare.
LeafSources, LeafSource and File Sandboxing/Limiting in NIOLeafFiles
This update aligns the Vapor+Leaf bindings with the LeafKit 1.0.0rc-1.11 API changes for sandboxing and file security behaviors, and for using multiple sources for raw Leaf templates:
- LeafSources stores multiple LeafSource-adhering objects by name and maintains a default search order of which objects to attempt to read from
- LeafSource (previously LeafFiles) represents any object with a directed behavior for interpreting a template name into its own reading space (e.g., a filesystem or database)
- NIOLeafFiles gains initialization configuration for sandboxing and reading-limit behavior
For more details, please refer to the associated LeafKit update:
LeafKit 1.0.0rc-1.11: LeafSources, LeafSource and File Sandboxing/Limiting in NIOLeafFiles
BREAKING CHANGES FOR UNUSUAL USAGE CASES
If you are using a custom adherent to LeafFiles, you should update your object definition to conform to LeafSource and will no longer be able to access it via app.leaf.files. You will also need to expand "template" into a fully qualified file system path, if appropriate, internally - LeafRenderer will no longer directly expand the path before requesting it from a LeafSource.
Adherents that wrapped NIOLeafFiles to use multiple directories may be better served by the new ability to have multiple LeafSource objects searched.
Please see above link to LeafKit
NOTES
- Default behavior for file access now limits all template references to prevent relative paths from escaping the configured ViewDirectory, and to block access to files without extensions, hidden files, or files in hidden directories.
- These behaviors can be configured by setting Application.leaf.sources to LeafSources.singleSource(customNIOLeafFiles) where the NIOLeafFiles initializer takes custom settings (for example, to allow absolute/relative paths to escape to a configured higher level directory, or to block access to any file NOT ending in .leaf), and allows setting the default directory to attempt to read from.
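The checks listed in these notes, written out as a standalone Swift sketch. This is an added example, not LeafKit's implementation: `TemplatePolicy`, `TemplateAccessError`, `resolveTemplate` and the sample paths are hypothetical names, and the normalization is lexical only (symlinks inside the sandbox are not resolved).

```swift
// Hypothetical policy flags mirroring the behaviours in the notes; not LeafKit's own types.
struct TemplatePolicy: OptionSet {
    let rawValue: Int
    static let stayInSandbox = TemplatePolicy(rawValue: 1 << 0)
    static let visibleOnly = TemplatePolicy(rawValue: 1 << 1)
    static let requireExtension = TemplatePolicy(rawValue: 1 << 2)
    static let leafExtensionOnly = TemplatePolicy(rawValue: 1 << 3)
    static let standard: TemplatePolicy = [.stayInSandbox, .visibleOnly, .requireExtension]
}

enum TemplateAccessError: Error { case escapesSandbox, hidden, noExtension, notLeaf }

/// Resolves `template` to an absolute path and applies `policy`.
/// `viewDirectory` and `sandbox` are assumed absolute and already normalized.
func resolveTemplate(_ template: String, viewDirectory: String, sandbox: String,
                     policy: TemplatePolicy = .standard) throws -> String {
    // Absolute names are used as given; relative names are read from the view directory.
    let joined = template.hasPrefix("/") ? template : viewDirectory + "/" + template
    // Collapse "." and ".." lexically before any check, so "a/../../x" cannot slip through.
    var parts: [Substring] = []
    for part in joined.split(separator: "/") {
        if part == "." { continue }
        if part == ".." { _ = parts.popLast(); continue }
        parts.append(part)
    }
    let path = "/" + parts.joined(separator: "/")
    // Compare against "sandbox/" so that "/srv/app-old" does not match sandbox "/srv/app".
    let root = sandbox.hasSuffix("/") ? sandbox : sandbox + "/"
    if policy.contains(.stayInSandbox), !path.hasPrefix(root) {
        throw TemplateAccessError.escapesSandbox
    }
    // Hidden means any path component starting with "." (file or directory).
    if policy.contains(.visibleOnly), parts.contains(where: { $0.hasPrefix(".") }) {
        throw TemplateAccessError.hidden
    }
    let name = parts.last ?? ""
    let ext = name.lastIndex(of: ".").map { name[name.index(after: $0)...] } ?? ""
    if policy.contains(.requireExtension), ext.isEmpty { throw TemplateAccessError.noExtension }
    if policy.contains(.leafExtensionOnly), ext != "leaf" { throw TemplateAccessError.notLeaf }
    return path
}

// Constructed template names against a constructed directory layout.
let views = "/srv/app/Resources/Views"
for name in ["index.leaf", "../../../etc/passwd", ".git/config.leaf", "partials/nav", "../shared/base.leaf"] {
    let strict = Result { try resolveTemplate(name, viewDirectory: views, sandbox: views) }
    let wider = Result { try resolveTemplate(name, viewDirectory: views, sandbox: "/srv/app/Resources") }
    print(name, "| sandbox = views:", strict, "| sandbox = parent:", wider)
}
```

Only `../shared/base.leaf` changes outcome between the two runs: it is rejected when the sandbox is the view directory and accepted when the sandbox is widened to the parent directory.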
Additional Changes
Updates Package.swift to require Vapor 4 release