Описание
Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false
Impact
Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently include arbitrary files/directories outside the local template clone location by using symlinks along with _preserve_symlinks: false (which is Copier's default setting).
Imagine, e.g., a malicious template author who creates a template that reads SSH keys or other secrets from well-known locations and hopes for a user to push the generated project to a public location like github.com where the template author can extract the secrets.
Reproducible example:
-
Illegally include a file in the generated project via symlink resolution:
echo "s3cr3t" > secret.txt mkdir src/ pushd src/ ln -s ../secret.txt stolen-secret.txt popd uvx copier copy src/ dst/ cat dst/stolen-secret.txt #s3cr3t -
Illegally include a directory in the generated project via symlink resolution:
mkdir secrets/ pushd secrets/ echo "s3cr3t" > secret.txt popd mkdir src/ pushd src/ ln -s ../secrets stolen-secrets popd uvx copier copy src/ dst/ tree dst/ # dst/ # └── stolen-secrets # └── secret.txt # # 1 directory, 1 file cat dst/stolen-secrets/secret.txt # s3cr3t
Patches
n/a
Workarounds
n/a
References
n/a
Пакеты
copier
< 9.11.2
9.11.2
Связанные уязвимости
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the `--UNSAFE,--trust` flag. As it turns out, a safe template can currently include arbitrary files/directories outside the local template clone location by using symlinks along with `_preserve_symlinks: false` (which is Copier's default setting). Version 9.11.2 patches the issue.