From e0b6aaa6971e9e2757add01ba4b8966fc95df87b Mon Sep 17 00:00:00 2001
From: GarrettBeatty
Date: Tue, 6 May 2025 11:18:32 -0400
Subject: [PATCH] semgrep updates

---
 .semgrepignore | 7 +++++++
 .../SampleRequests/SampleRequestManager.cs | 6 ++++--
 .../src/Amazon.Lambda.TestTool.BlazorTester/Startup.cs | 10 +++++++++-
 .../SampleRequests/SampleRequestManager.cs | 5 +++--
 4 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/.semgrepignore b/.semgrepignore
index 5a02b9ea5..2520b5b60 100644
--- a/.semgrepignore
+++ b/.semgrepignore
@@ -1,4 +1,5 @@
 # Ignore test and example files containing dummy credentials
+
 **/test/**/*.json
 **/tests/**/*.json
 **/SampleRequests/**/*.json
@@ -7,6 +8,12 @@
 **/*.min.js
 **/env.configs.yml
+# ignore template files
+Blueprints/BlueprintDefinitions/vs2017/*/template/**
+Blueprints/BlueprintDefinitions/vs2019/*/template/**
+Blueprints/BlueprintDefinitions/vs2022/*/template/**
+Libraries/test/*/**
+
 # Ignore third-party libraries
 **/node_modules/**
 **/vendor/**
diff --git a/Tools/LambdaTestTool-v2/src/Amazon.Lambda.TestTool/SampleRequests/SampleRequestManager.cs b/Tools/LambdaTestTool-v2/src/Amazon.Lambda.TestTool/SampleRequests/SampleRequestManager.cs
index 88e952ea9..30045e9d2 100644
--- a/Tools/LambdaTestTool-v2/src/Amazon.Lambda.TestTool/SampleRequests/SampleRequestManager.cs
+++ b/Tools/LambdaTestTool-v2/src/Amazon.Lambda.TestTool/SampleRequests/SampleRequestManager.cs
@@ -96,7 +96,8 @@ public string GetRequest(string name)
 {
 name = name.Substring(name.IndexOf("@") + 1);
 var savedRequestDirectory = GetSavedRequestDirectory();
- var path = Path.Combine(savedRequestDirectory, name);
+ var sanitizedName = Path.GetFileName(name);
+ var path = Path.Combine(savedRequestDirectory, sanitizedName);
 return File.ReadAllText(path);
 }
 return GetEmbeddedResource(name);
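Review bot: `Libraries/test/*/**` in the second hunk excludes every file under every test project from all semgrep rules, not only the JSON fixtures with dummy credentials that the first section of the file is scoped to, and the three `Blueprints/BlueprintDefinitions/*/template/**` entries do the same for the blueprint templates; a real finding in test helper code, or in a template (if those are scaffolded into user projects, a finding there propagates), is then silently suppressed. Narrowing these entries to the file types or rule that produced the noise, or at least recording which rule the exclusion is meant to silence, keeps the suppression reviewable, e.g. `# ignore template files (placeholder values trip <rule id>)` with the actual rule id filled in.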
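Review bot: `Path.GetFileName(name)` silently remaps a name such as `../../x` to `x` instead of rejecting it, so a traversing or separator-containing name reads a different saved request than the one asked for with no indication to the caller; it also passes `..` and the empty string through unchanged, and `Path.Combine` then yields a directory, which surfaces as an exception from `File.ReadAllText` rather than a clear validation error. Failing closed on the name is cheap and leaves an audit trail: `var sanitizedName = Path.GetFileName(name);` / `if (string.IsNullOrEmpty(sanitizedName) || sanitizedName is "." or ".." || !string.Equals(sanitizedName, name, StringComparison.Ordinal)) throw new ArgumentException("Invalid saved request name.", nameof(name));`, and as defense in depth a check that `Path.GetFullPath(path)` starts with the saved-request directory plus a separator catches anything a name-level filter misses. The same pattern applies to the `SaveRequest` hunk at `@@ -110` and to the LambdaTestTool (v1) `GetRequest` hunk at `@@ -102`. The enclosing `if (name.StartsWith(...))` of `GetRequest` begins before this hunk.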
@@ -110,7 +111,8 @@ public string SaveRequest(string name, string content)
 if (!Directory.Exists(savedRequestDirectory)) Directory.CreateDirectory(savedRequestDirectory);
- File.WriteAllText(Path.Combine(savedRequestDirectory, filename), content);
+ var sanitizedFilename = Path.GetFileName(filename);
+ File.WriteAllText(Path.Combine(savedRequestDirectory, sanitizedFilename), content);
 return $"{SavedRequestDirectory}@(unknown)";
 }
diff --git a/Tools/LambdaTestTool/src/Amazon.Lambda.TestTool.BlazorTester/Startup.cs b/Tools/LambdaTestTool/src/Amazon.Lambda.TestTool.BlazorTester/Startup.cs
index 34e07a8aa..a0b464d4b 100644
--- a/Tools/LambdaTestTool/src/Amazon.Lambda.TestTool.BlazorTester/Startup.cs
+++ b/Tools/LambdaTestTool/src/Amazon.Lambda.TestTool.BlazorTester/Startup.cs
@@ -109,7 +109,15 @@ public void ConfigureServices(IServiceCollection services)
 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 {
- app.UseDeveloperExceptionPage();
+ if (env.IsDevelopment())
+ {
+ app.UseDeveloperExceptionPage();
+ }
+ else
+ {
+ app.UseExceptionHandler("/Error");
+ app.UseHsts();
+ }
 app.UseStaticFiles();
diff --git a/Tools/LambdaTestTool/src/Amazon.Lambda.TestTool/SampleRequests/SampleRequestManager.cs b/Tools/LambdaTestTool/src/Amazon.Lambda.TestTool/SampleRequests/SampleRequestManager.cs
index c7f978d97..a8a7e40de 100644
--- a/Tools/LambdaTestTool/src/Amazon.Lambda.TestTool/SampleRequests/SampleRequestManager.cs
+++ b/Tools/LambdaTestTool/src/Amazon.Lambda.TestTool/SampleRequests/SampleRequestManager.cs
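Review bot: `app.UseExceptionHandler("/Error")` in the non-development branch routes failures to a path that this commit does not create — the diffstat lists only the four files above — so unless an `/Error` endpoint already exists in the BlazorTester project, a failing request is re-executed against a missing route and the client sees a 404 with no diagnostic, which is harder to triage than the page it replaces. Confirm the route exists, or use the `UseExceptionHandler` overload that takes a handler builder so the response does not depend on a page being registered. `app.UseHsts()` only has an effect when the tool is reached over HTTPS and browsers ignore the header for `localhost`, so a comment stating the intended deployment would help the next reader, e.g. `// HSTS and the /Error handler only apply when the tester is hosted outside local development`. The rest of `Configure` continues past the hunk.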
@@ -102,7 +102,8 @@ public string GetRequest(string name)
 if(name.StartsWith(SAVED_REQUEST_DIRECTORY + "@"))
 {
 name = name.Substring(name.IndexOf("@") + 1);
- var path = Path.Combine(this.GetSavedRequestDirectory(), name);
+ var sanitizedName = Path.GetFileName(name); // Sanitize the filename to prevent path traversal
+ var path = Path.Combine(this.GetSavedRequestDirectory(), sanitizedName);
 return File.ReadAllText(path);
 }
 return GetEmbeddedResource(name);
@@ -146,4 +147,4 @@ public string GetSavedRequestDirectory()
 return path;
 }
 }
-}
\ No newline at end of file
+}