Escape LevalDB namespaces

This commit requires changes in master:
  - bfe255f
  - f330ca5
  - 573597d

Author: ohtake

package.json

@@ -77,6 +77,7 @@
     "postcss-loader": "^2.0.10",
     "react-test-renderer": "^16.2.0",
     "rimraf": "^2.6.2",
+    "sanitize-filename": "^1.6.1",
     "sinon": "^4.2.0",
     "source-map-explorer": "^1.5.0",
     "webpack": "^3.10.0",

server-websocket.js

@@ -16,6 +16,8 @@ import crypto from 'crypto';
 import { join, sep } from 'path';
 import { lstatSync, readdirSync } from 'fs';
 
+import LevelDBLib from './src/server/LevelDBLib';
+
 Y.extend(yWebsocketsServer, yleveldb);
 
 const isDirectory = (source) => {
@@ -46,7 +48,7 @@ const server = http.createServer((req, res) => {
 const io = socketIo.listen(server);
 
 const yInstances = {};
-const dirs = getDirectories('y-leveldb-databases').map(p => p.split(sep)[1]);
+const dirs = getDirectories('y-leveldb-databases').map(p => LevelDBLib.unescapeNamespace(p.split(sep)[1]));
 const metadata = dirs.reduce((accumulator, d) => Object.assign(accumulator, { [d]: {} }), {});
 
 function getInstanceOfY(room) {
@@ -55,7 +57,7 @@ function getInstanceOfY(room) {
       db: {
         name: options.db,
         dir: 'y-leveldb-databases',
-        namespace: room,
+        namespace: LevelDBLib.escapeNamespace(room),
       },
       connector: {
         name: 'websockets-server',

src/server/LevelDBLib.js

@@ -0,0 +1,30 @@
+const unsafeChars = /[^-_a-zA-Z0-9]/g;
+const windowsReserved = /^(con|prn|aux|nul|com[0-9]|lpt[0-9])(\..*)?$/i;
+const escapeSeq = /%([_0-9a-fA-F]+)%/g;
+
+export default class LevelDBLib {
+  /**
+   * It escapes a namespace to a safe file name.
+   * This function is injective.
+   * @param {string} namespace namespace of Level DB
+   * @returns {string}
+   */
+  static escapeNamespace(namespace) {
+    if (!namespace) return '%_%';
+    if (namespace.match(windowsReserved)) {
+      return `%_%${namespace}`;
+    }
+    return namespace.replace(unsafeChars, substr => `%${substr.charCodeAt(0).toString(16)}%`);
+  }
+  /**
+   * Reversed function of escapeNamespace.
+   * @param {string} escapedNamedpace file name generated by escapeNamespace
+   * @returns {string}
+   */
+  static unescapeNamespace(escapedNamedpace) {
+    return escapedNamedpace.replace(escapeSeq, (substr, group) => {
+      if (group === '_') return '';
+      return String.fromCharCode(parseInt(group, 16));
+    });
+  }
+}

test/server/LevelDBLib.ava.js

@@ -0,0 +1,93 @@
+import test from 'ava';
+import sanitize from 'sanitize-filename';
+
+import LevelDBLib from '../../src/server/LevelDBLib';
+
+const unsafePaths = [
+  // path traversal
+  '/',
+  '/etc/passwd',
+  '.',
+  './..',
+  './dir/../..',
+  '..',
+  '../',
+  // invalid filename
+  '',
+  ' ',
+  'last space ',
+  'last-dot.',
+  'con',
+  'con.txt',
+  'nul',
+  // illegal chars
+  'question?mark?char',
+  'angle<>char',
+  'asterisk*char',
+  'null\0char',
+  'newline\nchar',
+  'tab\tchar',
+  // path separator
+  'dir/file',
+  'dir\\file',
+];
+
+/** @test {LevelDBLib.escapeNamespace} */
+test('escapeNamespace should escape unsafe path', t => {
+  unsafePaths.forEach(p => {
+    const escaped = LevelDBLib.escapeNamespace(p);
+    t.not(p, escaped, 'should escape unsafe filename');
+    const sanitizedEscaped = sanitize(escaped);
+    t.is(escaped, sanitizedEscaped, 'escaped namespace must be a safe filename');
+  });
+});
+
+/** @test {LevelDBLib.unescapeNamespace} */
+test('unescapeNamespace should unescape path', t => {
+  unsafePaths.forEach(p => {
+    const escaped = LevelDBLib.escapeNamespace(p);
+    const unescaped = LevelDBLib.unescapeNamespace(escaped);
+    t.is(p, unescaped);
+  });
+});
+
+/** @test {LevelDBLib.escapeNamespace} */
+test('escapeNamespace should be injective', t => {
+  const inputs = new Set([
+    '',
+    '%',
+    '%%',
+    '%%%',
+    '%_%',
+    '%%_%',
+    '%%__%',
+    '%1%',
+    '%01%',
+  ]);
+  const outputs = new Set();
+  inputs.forEach(p => {
+    const escaped = LevelDBLib.escapeNamespace(p);
+    t.false(outputs.has(escaped), `not injective: ${p} -> ${escaped}`);
+    outputs.add(escaped);
+  });
+});
+
+/** @test {LevelDBLib.escapeNamespace} */
+test('escapeNamespace should handle non-ascii chars', t => {
+  const inputs = new Set([
+    'ひらがな',
+    'カタカナ',
+    '漢字',
+    '汉语',
+    '한글',
+    'عربی زبان',
+  ]);
+  inputs.forEach(p => {
+    const escaped = LevelDBLib.escapeNamespace(p);
+    t.not(p, escaped, 'should escape');
+    const sanitizedEscaped = sanitize(escaped);
+    t.is(escaped, sanitizedEscaped, 'escaped namespace must be a safe filename');
+    const unescaped = LevelDBLib.unescapeNamespace(escaped);
+    t.is(p, unescaped, 'should restore to non-ascii');
+  });
+});

yarn.lock

@@ -8789,6 +8789,12 @@ [email protected]:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/samsam/-/samsam-1.3.0.tgz#8d1d9350e25622da30de3e44ba692b5221ab7c50"
 
+sanitize-filename@^1.6.1:
+  version "1.6.1"
+  resolved "https://registry.yarnpkg.com/sanitize-filename/-/sanitize-filename-1.6.1.tgz#612da1c96473fa02dccda92dcd5b4ab164a6772a"
+  dependencies:
+    truncate-utf8-bytes "^1.0.0"
+
 sax@^1.1.4, sax@~1.2.1:
   version "1.2.4"
   resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
@@ -9717,6 +9723,12 @@ trough@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/trough/-/trough-1.0.1.tgz#a9fd8b0394b0ae8fff82e0633a0a36ccad5b5f86"
 
+truncate-utf8-bytes@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/truncate-utf8-bytes/-/truncate-utf8-bytes-1.0.2.tgz#405923909592d56f78a5818434b0b78489ca5f2b"
+  dependencies:
+    utf8-byte-length "^1.0.1"
+
 [email protected]:
   version "0.0.0"
   resolved "https://registry.yarnpkg.com/tty-browserify/-/tty-browserify-0.0.0.tgz#a157ba402da24e9bf957f9aa69d524eed42901a6"
@@ -10063,6 +10075,10 @@ [email protected]:
     bindings "~1.2.1"
     nan "~2.4.0"
 
+utf8-byte-length@^1.0.1:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/utf8-byte-length/-/utf8-byte-length-1.0.4.tgz#f45f150c4c66eee968186505ab93fcbb8ad6bf61"
+
 [email protected]:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/utf8/-/utf8-2.1.0.tgz#0cfec5c8052d44a23e3aaa908104e8075f95dfd5"