mirror of
https://github.com/pi-hole/pi-hole
synced 2025-01-03 04:30:55 +00:00
Merge pull request from GHSA-95g6-7q26-mp9x
Only use local files (file://) when they have explicit permissions a+r
This commit is contained in:
commit
f3af03174e
32
gravity.sh
32
gravity.sh
@ -503,6 +503,7 @@ compareLists() {
|
|||||||
gravity_DownloadBlocklistFromUrl() {
|
gravity_DownloadBlocklistFromUrl() {
|
||||||
local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}"
|
local url="${1}" adlistID="${2}" saveLocation="${3}" target="${4}" compression="${5}"
|
||||||
local heisenbergCompensator="" listCurlBuffer str httpCode success="" ip cmd_ext
|
local heisenbergCompensator="" listCurlBuffer str httpCode success="" ip cmd_ext
|
||||||
|
local file_path permissions ip_addr port blocked=false download=true
|
||||||
|
|
||||||
# Create temp file to store content on disk instead of RAM
|
# Create temp file to store content on disk instead of RAM
|
||||||
# We don't use '--suffix' here because not all implementations of mktemp support it, e.g. on Alpine
|
# We don't use '--suffix' here because not all implementations of mktemp support it, e.g. on Alpine
|
||||||
@ -519,7 +520,6 @@ gravity_DownloadBlocklistFromUrl() {
|
|||||||
|
|
||||||
str="Status:"
|
str="Status:"
|
||||||
echo -ne " ${INFO} ${str} Pending..."
|
echo -ne " ${INFO} ${str} Pending..."
|
||||||
blocked=false
|
|
||||||
case $BLOCKINGMODE in
|
case $BLOCKINGMODE in
|
||||||
"IP-NODATA-AAAA"|"IP")
|
"IP-NODATA-AAAA"|"IP")
|
||||||
# Get IP address of this domain
|
# Get IP address of this domain
|
||||||
@ -560,8 +560,36 @@ gravity_DownloadBlocklistFromUrl() {
|
|||||||
cmd_ext="--resolve $domain:$port:$ip"
|
cmd_ext="--resolve $domain:$port:$ip"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# If we are going to "download" a local file, we first check if the target
|
||||||
|
# file has a+r permission. We explicitly check for all+read because we want
|
||||||
|
# to make sure that the file is readable by everyone and not just the user
|
||||||
|
# running the script.
|
||||||
|
if [[ $url == "file://"* ]]; then
|
||||||
|
# Get the file path
|
||||||
|
file_path=$(echo "$url" | cut -d'/' -f3-)
|
||||||
|
# Check if the file exists
|
||||||
|
if [[ ! -e $file_path ]]; then
|
||||||
|
# Output that the file does not exist
|
||||||
|
echo -e "${OVER} ${CROSS} ${file_path} does not exist"
|
||||||
|
download=false
|
||||||
|
else
|
||||||
|
# Check if the file has a+r permissions
|
||||||
|
permissions=$(stat -c "%a" "$file_path")
|
||||||
|
if [[ $permissions == "??4" || $permissions == "??5" || $permissions == "??6" || $permissions == "??7" ]]; then
|
||||||
|
# Output that we are using the local file
|
||||||
|
echo -e "${OVER} ${INFO} Using local file ${file_path}"
|
||||||
|
else
|
||||||
|
# Output that the file does not have the correct permissions
|
||||||
|
echo -e "${OVER} ${CROSS} Cannot read file (file needs to have a+r permission)"
|
||||||
|
download=false
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${download}" == true ]]; then
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2> /dev/null)
|
httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2> /dev/null)
|
||||||
|
fi
|
||||||
|
|
||||||
case $url in
|
case $url in
|
||||||
# Did we "download" a local file?
|
# Did we "download" a local file?
|
||||||
@ -569,7 +597,7 @@ gravity_DownloadBlocklistFromUrl() {
|
|||||||
if [[ -s "${listCurlBuffer}" ]]; then
|
if [[ -s "${listCurlBuffer}" ]]; then
|
||||||
echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true
|
echo -e "${OVER} ${TICK} ${str} Retrieval successful"; success=true
|
||||||
else
|
else
|
||||||
echo -e "${OVER} ${CROSS} ${str} Not found / empty list"
|
echo -e "${OVER} ${CROSS} ${str} Retrieval failed / empty list"
|
||||||
fi;;
|
fi;;
|
||||||
# Did we "download" a remote file?
|
# Did we "download" a remote file?
|
||||||
*)
|
*)
|
||||||
|
Loading…
Reference in New Issue
Block a user