From f515b3462ae2842b81badb8538983c5d64787417 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E6=B5=A9=E6=AF=85?=
Date: Thu, 11 May 2023 03:24:41 +0000
Subject: [PATCH] =?UTF-8?q?fix:=E4=BF=AE=E5=A4=8D=E8=B7=AF=E5=BE=84?=
 =?UTF-8?q?=E9=81=8D=E5=8E=86=E6=BC=8F=E6=B4=9E(CWE-23)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

csv2db.py直接使用命令行参数作为文件路径,可以被攻击者输入../访问上级目录,从而获取系统的敏感信息,或者写入任意文件(使用保存路径遍历文件名的恶意zip存档)。为了修复这一漏洞,我们采用了werzeug库中的secure_filename函数,这一函数会过滤掉文件路径中的所有危险字符,防范这一攻击方式。

Signed-off-by: 刘浩毅
---
 tools/csv2db.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/csv2db.py b/tools/csv2db.py
index 204527ee..3a2df64c 100644
--- a/tools/csv2db.py
+++ b/tools/csv2db.py
@@ -23,6 +23,7 @@ import hashlib
 import base64
 from sqlalchemy import text
 from sqlalchemy.exc import SQLAlchemyError
+from werkzeug.utils import secure_filename
 
 sys.path.insert(0, "./../")
 from analysis.engine.database import tables, table_collection_data
@@ -100,6 +101,7 @@ if __name__ == '__main__':
     SESSION = tables.get_session()
     if SESSION is None:
         raise SystemExit('Failed to connect to database')
+    ARGS.path=secure_filename(ARGS.path)
     res, err, CID = add_data(ARGS.path, ARGS.host, UID, SESSION)
     if CID == -1:
         raise SystemExit(err)
-- Gitee
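Review bot: The new `from werkzeug.utils import secure_filename` makes werkzeug, a WSGI toolkit, a hard runtime dependency of a command-line script solely for one helper, and nothing in this patch adds it to a requirements or setup file, so a fresh install will fail at import time unless the project already depends on it (not visible from here). The standard library can express the check CWE-23 actually calls for, resolving the argument with `os.path.realpath` and confining it with `os.path.commonpath`, without the extra package. If werkzeug is kept, please confirm it is declared as a dependency.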
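Review bot: `secure_filename` is the wrong primitive for a path argument: it strips every directory separator, so the added `ARGS.path=secure_filename(ARGS.path)` turns `../data/x.csv` into `.._data_x.csv` and `/var/data/x.csv` into `var_data_x.csv`, and the `add_data(ARGS.path, ...)` call below then fails on a file the user legitimately named, with no message explaining why. If the script really can be invoked with attacker-controlled arguments (the commit message implies so; for a local CLI the caller already has filesystem access and the argument is trusted), the check that matches CWE-23 is to resolve the argument and refuse it unless it stays under an allowed base directory, rather than rewriting it. The sketch below does that with the standard library (it needs `import os`, which is not visible in this hunk, and `base_dir` must be set to whatever directory the tool is meant to read from); note that `os.path.commonpath` raises `ValueError` on Windows when the two paths are on different drives, which should also be treated as a rejection. The assignment also needs spaces around `=` per PEP 8. The `if __name__ == '__main__':` block begins before this hunk and continues after it.
```python
    # … unchanged: session setup and the SESSION is None check …
    # Confine the CSV path to an allowed base directory instead of flattening it.
    base_dir = os.path.realpath(os.getcwd())  # TODO: use the intended data directory
    csv_path = os.path.realpath(ARGS.path)
    if os.path.commonpath([base_dir, csv_path]) != base_dir:
        raise SystemExit('Refusing path outside %s: %s' % (base_dir, ARGS.path))
    res, err, CID = add_data(csv_path, ARGS.host, UID, SESSION)
    # … unchanged: CID == -1 check …
```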