IJHack / QtPass / 25731493901 / 1
55%
main: 55%

Build:
DEFAULT BRANCH: main
Ran 12 May 2026 11:33AM UTC
Files 72
Run time 3s
12 May 2026 11:28AM UTC coverage: 28.416% (+0.2%) from 28.263%
25731493901.1

push / github / web-flow
fix(security): path-traversal hardening in new-file/rename + drag/drop (#1464)

User-typed names in MainWindow's "new file" / "new folder" / "rename"
input dialogs were concatenated with the current store-relative directory
and passed onward without validation. A user could type
"../../etc/passwd" (or paste an absolute path) and QtPass would happily
create / move / rename outside the password store via GPG encryption.

Symmetric weakness in StoreModel::executeDropAction: the encoded mime
payload was trusted, and there was no check that the resolved source +
destination paths stayed inside the store. A crafted drop or a symlink
inside the store pointing outside (e.g. into ~/.ssh) would escape.

Fix:

- Util::isPathInStore(storeRoot, candidate): canonicalises the candidate
  via QFileInfo::canonicalFilePath() for existing targets, or canonicalises
  the nearest existing ancestor and re-appends the leaf for not-yet-created
  paths. Returns true iff the result is equal to or strictly inside the
  canonicalised store root. Catches `..` escapes, absolute escapes, and
  symlink-out from inside the store.

- MainWindow::confirmPathInStore(): wraps Util::isPathInStore and shows a
  non-blocking "Invalid name" warning before bailing. Called from
  addPassword, addFolder, renameFolder, renamePassword before the Insert /
  mkdir / Move call.

- StoreModel::executeDropAction(): rejects (returns false) any drop whose
  source or destination resolves outside the store, logging a warning.
  Both endpoints are validated; final move destination is constructed
  from a canonical-inside-store base plus a leaf segment (QFileInfo's
  fileName() returns just the last path component), so the constructed
  target is always inside the store.

Tests (tst_util): 6 new cases — happy path, `..` escape, absolute path
escape, symlink-out escape (skipped on Windows where link creation needs
elevation), allows-new-child for the create flow, and empty-args edge
cases.

Build clean, 119... (continued)
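The Util::isPathInStore check described in the commit, as an added example that is not QtPass's own code: it uses std::filesystem rather than Qt's QFileInfo, so fs::weakly_canonical stands in for the "canonicalise the nearest existing ancestor and re-append the leaf" step. The runScenarios helper, the temp-directory layout and the file names are constructed for the demonstration, and it adds one case beyond the commit's list (a sibling directory whose name shares the store's prefix) to show why the containment test compares path components rather than strings.

```cpp
#include <filesystem>
#include <fstream>
#include <system_error>

namespace fs = std::filesystem;

// Accept `candidate` only if, after resolving symlinks, ".." and absolute
// segments, it is the canonical store root or lies strictly beneath it.
// fs::weakly_canonical handles not-yet-created targets: it canonicalises the
// nearest existing ancestor and re-appends the remaining leaf segments.
bool isPathInStore(const fs::path& storeRoot, const fs::path& candidate) {
    if (storeRoot.empty() || candidate.empty()) return false;  // empty-args edge case
    std::error_code ec;
    const fs::path root = fs::canonical(storeRoot, ec);       // root itself must exist
    if (ec) return false;
    const fs::path target = fs::weakly_canonical(candidate, ec);
    if (ec) return false;
    // Component-wise comparison: a string-prefix test would accept "<root>2/x".
    auto r = root.begin(), t = target.begin();
    for (; r != root.end(); ++r, ++t)
        if (t == target.end() || *r != *t) return false;
    return true;
}

// Outcomes of the commit's test cases against a constructed store in the temp dir.
struct Scenarios {
    bool happy, newChild, dotDot, absolute, siblingPrefix, emptyArgs;
    bool symlinkCreated, symlinkOut;
};

Scenarios runScenarios() {
    const fs::path base = fs::temp_directory_path() / "qtpass-pathcheck-demo";
    fs::remove_all(base);
    const fs::path store = base / "store", outside = base / "outside";
    fs::create_directories(store / "work"); fs::create_directories(outside);
    std::ofstream{store / "work" / "mail.gpg"} << "constructed sample\n";
    std::error_code ec;
    fs::create_directory_symlink(outside, store / "escape", ec);  // needs privileges on Windows
    Scenarios s{};
    s.happy          = isPathInStore(store, store / "work" / "mail.gpg");
    s.newChild       = isPathInStore(store, store / "newdir" / "new.gpg");  // create flow
    s.dotDot         = isPathInStore(store, store / "work" / ".." / ".." / "outside" / "x.gpg");
    s.absolute       = isPathInStore(store, outside / "x.gpg");
    s.siblingPrefix  = isPathInStore(store, base / "store2" / "x.gpg");
    s.emptyArgs      = isPathInStore(store, "") || isPathInStore("", store);
    s.symlinkCreated = !ec;
    s.symlinkOut     = isPathInStore(store, store / "escape" / "x.gpg");
    return s;
}
```

Only the happy-path and new-child cases are accepted; the symlink case is rejected whenever the link could be created.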

1909 of 6718 relevant lines covered (28.42%)

26.99 hits per line

Source Files on job 25731493901.1
  • Tree
  • List 72
  • Changed 7
  • Source Changed 6
  • Coverage Changed 5
  • b6f38ea0 on github