From 1ff865d464f3c5e0bb9979695f29675fb44b65b3 Mon Sep 17 00:00:00 2001
From: zhoupengcheng
Date: Wed, 8 Nov 2023 13:05:10 +0800
Subject: [PATCH] define-fix-privilege-escalation and fix-collection-train-file-overwr

---
 0001-define-fix-privilege-escalation.patch | 58 +++++++++++++++++++
 0002-define-fix-privilege-escalation.patch | 50 ++++++++++++++++
 atune.spec | 17 ++++--
 ...-file-overwriting-through-soft-links.patch | 57 ++++++++++++++++++
 4 files changed, 176 insertions(+), 6 deletions(-)
 create mode 100644 0001-define-fix-privilege-escalation.patch
 create mode 100644 0002-define-fix-privilege-escalation.patch
 create mode 100644 fix-collection-train-file-overwriting-through-soft-links.patch

diff --git a/0001-define-fix-privilege-escalation.patch b/0001-define-fix-privilege-escalation.patch
new file mode 100644
index 0000000..a971ae8
--- /dev/null
+++ b/0001-define-fix-privilege-escalation.patch
@@ -0,0 +1,58 @@ +From 09c719964b362fa358c705a7b7e24bb02a1259bb Mon Sep 17 00:00:00 2001 +From: zhoupengcheng +Date: Wed, 8 Nov 2023 12:32:43 +0800 +Subject: [PATCH] 0001-define-fix-privilege-escalation.patch + +--- + modules/client/profile/profile_define.go | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/modules/client/profile/profile_define.go b/modules/client/profile/profile_define.go +index 87b3781..24e31d3 100644 +--- a/modules/client/profile/profile_define.go ++++ b/modules/client/profile/profile_define.go +@@ -19,6 +19,7 @@ import ( + SVC "gitee.com/openeuler/A-Tune/common/service" + "gitee.com/openeuler/A-Tune/common/utils" + "fmt" ++ "regexp" + "io/ioutil" + + "github.com/go-ini/ini" +@@ -88,11 +89,22 @@ func profileDefined(ctx *cli.Context) error { + if err := profileDefineCheck(ctx); err != nil { + return err + } ++ ++ ++ detectRule := `[./].*` ++ detectPathchar := regexp.MustCompile(detectRule) ++ + serviceType := ctx.Args().Get(0) ++ if detectPathchar.MatchString(serviceType) { ++ return fmt.Errorf("serviceType:%s cannot contain special path characters '/' or '.' ", serviceType) ++ } + if !utils.IsInputStringValid(serviceType) { + return fmt.Errorf("input:%s is invalid", serviceType) + } + applicationName := ctx.Args().Get(1) ++ if detectPathchar.MatchString(applicationName) { ++ return fmt.Errorf("applicationName:%s cannot contain special path characters '/' or '.' ", applicationName) ++ } + if !utils.IsInputStringValid(applicationName) { + return fmt.Errorf("input:%s is invalid", applicationName) + } +@@ -100,7 +112,9 @@ func profileDefined(ctx *cli.Context) error { + if !utils.IsInputStringValid(scenarioName) { + return fmt.Errorf("input:%s is invalid", scenarioName) + } +- ++ if detectPathchar.MatchString(scenarioName) { ++ return fmt.Errorf("scenarioName:%s cannot contain special path characters '/' or '.' 
", scenarioName) ++ } + data, err := ioutil.ReadFile(ctx.Args().Get(3)) + if err != nil { + return err +-- +2.33.0 + diff --git a/0002-define-fix-privilege-escalation.patch b/0002-define-fix-privilege-escalation.patch new file mode 100644 index 0000000..c7bf633 --- /dev/null +++ b/0002-define-fix-privilege-escalation.patch 
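Review bot: `detectPathchar := regexp.MustCompile(detectRule)` is recompiled on every call to profileDefined, and the pattern `[./].*` is only a character test, so `if strings.ContainsAny(serviceType, "./")` (and the same for the other two names, importing strings instead of regexp) does the same job without the per-call compile; the identical pattern appears again in the 0002 patch below. The scenarioName check is inserted after its IsInputStringValid call whereas serviceType and applicationName are checked before theirs; ordering the three the same way keeps them readable as one block. The three error strings end in `'.' ` with a trailing space before the closing quote, and the scenarioName one is shown split across a line here — if that break is in the patch file itself rather than an artifact of this rendering, the string literal will not compile. profileDefined continues outside the hunk.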
@@ -0,0 +1,50 @@ +From 8c411e610d702daf9e7505c1500163c481f7ed69 Mon Sep 17 00:00:00 2001 +From: zhoupengcheng +Date: Wed, 1 Nov 2023 17:45:05 +0800 +Subject: [PATCH] 0002-define-fix-privilege-escalation.patch + +--- + modules/server/profile/profile.go | 26 +++++++++++++++++++++++++- + 1 file changed, 25 insertions(+), 1 deletion(-) + +diff --git a/modules/server/profile/profile.go b/modules/server/profile/profile.go +index 5cdaa9a..cbf48b9 100644 +--- a/modules/server/profile/profile.go ++++ b/modules/server/profile/profile.go +@@ -1277,8 +1277,32 @@ func (s *ProfileServer) Define(ctx context.Context, message *PB.DefineMessage) ( + applicationName := message.GetApplicationName() + scenarioName := message.GetScenarioName() + content := string(message.GetContent()) +- profileName := serviceType + "-" + applicationName + "-" + scenarioName + ++ detectRule := `[./].*` ++ detectPathchar := regexp.MustCompile(detectRule) ++ ++ if detectPathchar.MatchString(serviceType) { ++ return &PB.Ack{}, fmt.Errorf("serviceType:%s cannot contain special path characters '/' or '.' ", serviceType) ++ } ++ if !utils.IsInputStringValid(serviceType) { ++ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", serviceType) ++ } ++ ++ if detectPathchar.MatchString(applicationName) { ++ return &PB.Ack{}, fmt.Errorf("applicationName:%s cannot contain special path characters '/' or '.' ", applicationName) ++ } ++ if !utils.IsInputStringValid(applicationName) { ++ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", applicationName) ++ } ++ ++ if detectPathchar.MatchString(scenarioName) { ++ return &PB.Ack{}, fmt.Errorf("scenarioName:%s cannot contain special path characters '/' or '.' 
", scenarioName) ++ } ++ if !utils.IsInputStringValid(scenarioName) { ++ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", scenarioName) ++ } ++ ++ profileName := serviceType + "-" + applicationName + "-" + scenarioName + workloadTypeExist, err := sqlstore.ExistWorkloadType(profileName) + if err != nil { + return &PB.Ack{}, err +-- +2.33.0 + diff --git a/atune.spec b/atune.spec index d1e3c81..2b187ce 100755 --- a/atune.spec +++ b/atune.spec @@ -3,7 +3,7 @@ Summary: AI auto tuning system Name: atune Version: 1.0.0 -Release: 13 +Release: 14 License: Mulan PSL v2 URL: https://gitee.com/openeuler/A-Tune Source: https://gitee.com/openeuler/A-Tune/repository/archive/v%{version}.tar.gz @@ -18,7 +18,9 @@ Patch9006: 0002-bugfix-training-model-can-only-save-file-to-specifie.patch Patch9007: 0003-bugfix-collection-res-can-only-save-file-to-specifie.patch Patch9008: 0004-atune-add-service-restart-mode.patch Patch9009: 0005-atune-update-Makefile-and-logs.patch -Patch9010: The-primary-node-changes-the-parameter-to-be-optimized-to-the-value-of-the-parameter-with-the-suffix-0.patch +Patch9010: 0001-define-fix-privilege-escalation.patch +Patch9011: 0002-define-fix-privilege-escalation.patch +Patch9012: fix-collection-train-file-overwriting-through-soft-links.patch BuildRequires: rpm-build golang-bin procps-ng BuildRequires: sqlite >= 3.24.0 openssl 
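Review bot: The new lines call `regexp.MustCompile`, `fmt.Errorf` and `utils.IsInputStringValid`, but the patch touches only this one hunk of modules/server/profile/profile.go, so if `regexp` (or `utils`) is not already imported there the server will not build — the 0001 patch had to add `"regexp"` to profile_define.go for the same reason, which is worth confirming here. The checks reject only `.` and `/` in the three name components; since Define is the trust boundary, also validating the path eventually derived from profileName against its base directory where it is built (filepath.Clean, then filepath.Rel and a check that the result does not start with `..`) would not depend on this denylist staying complete — that code is outside the hunk, so treat this as something to verify. Define continues outside the hunk.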
@@ -171,13 +173,16 @@ cp -af %{_prefix}/lib/golang/src/cmd/vendor/golang.org/x/sys vendor/golang.org/x %exclude /etc/atuned/rest_certs %changelog -* Sat Oct 28 2023 zhoupengcheng - 1.0.0-13 -- bugfix for tuning --restore (https://gitee.com/openeuler/A-Tune/issues/I6AY86) +* Wed Nov 8 2023 zhoupengcheng - 1.0.0-14 +- fix-collection-train-file-overwriting-through-soft-links -* Tue Oct 17 2023 sunchendong - 1.0.0-12 +* Wed Nov 8 2023 zhoupengcheng - 1.0.0-13 +- define-fix-privilege-escalation + +* Wed Aug 16 2023 gaoruoshu - 1.0.0-12 - atune update Makefile and logs -* Fri Aug 25 2023 sunchendong - 1.0.0-11 +* Wed Aug 16 2023 gaoruoshu - 1.0.0-11 - atune add service restart mode * Fri Aug 11 2023 panchenbo - 1.0.0-10 diff --git a/fix-collection-train-file-overwriting-through-soft-links.patch b/fix-collection-train-file-overwriting-through-soft-links.patch new file mode 100644 index 0000000..c527b16 --- /dev/null +++ b/fix-collection-train-file-overwriting-through-soft-links.patch 
@@ -0,0 +1,57 @@ +From c5e491e5dffab4dda814f2e1ba11c21714cac0c6 Mon Sep 17 00:00:00 2001 +From: zhoupengcheng +Date: Wed, 1 Nov 2023 11:14:37 +0800 +Subject: [PATCH] fix-collection-train-file-overwriting-through-soft-links.patch + +--- + analysis/atuned/collector.py | 10 +++++++++- + analysis/engine/train.py | 4 +++- + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/analysis/atuned/collector.py b/analysis/atuned/collector.py +index 4749284..9a264dd 100755 +--- a/analysis/atuned/collector.py ++++ b/analysis/atuned/collector.py +@@ -39,6 +39,15 @@ class Collector(Resource): + args = COLLECTOR_POST_PARSER.parse_args() + current_app.logger.info(args) + n_pipe = get_npipe(args.get("pipe")) ++ ++ path = args.get("file") ++ path = os.path.abspath(path) ++ if not path.startswith("/var/atune_data/collection/"): ++ return "Files outside the /var/atune_data/collection/ directory cannot be modified.", 400 ++ ++ if os.path.exists(path): ++ return "File already exists!", 400 ++ + monitors = [] + mpis = [] + field_name = [] +@@ -91,7 +100,6 @@ class Collector(Resource): + if n_pipe is not None: + n_pipe.close() + +- path = args.get("file") + save_file(path, data, field_name) + result = {} + result["path"] = path +diff --git a/analysis/engine/train.py b/analysis/engine/train.py +index 7608660..462b16c 100644 +--- a/analysis/engine/train.py ++++ b/analysis/engine/train.py +@@ -49,8 +49,10 @@ class Training(Resource): + return "Illegal model name provide: {}".format(err), 400 + + characterization = WorkloadCharacterization(model_path) ++ output_path = TRAINING_MODEL_PATH + model_name ++ if os.path.exists(output_path): ++ return "File already exists!", 400 + try: +- output_path = TRAINING_MODEL_PATH + model_name + characterization.retrain(data_path, output_path) + except Exception as err: + LOGGER.error(err) +-- +2.33.0 +
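Review bot: `if os.path.exists(path):` in collector.py and `if os.path.exists(output_path):` in train.py return False for a symlink whose target does not exist, so a dangling link at that name passes the check and the later write creates the file wherever the link points; `if os.path.lexists(path):` sees the link itself. Likewise `path = os.path.abspath(path)` only normalises `..` and does not resolve a symlinked parent directory before the `/var/atune_data/collection/` prefix test, whereas `path = os.path.realpath(path)` would. A window remains between the existence check and the write in save_file/retrain; opening the output with exclusive create (`open(path, "x")`) inside the writer would close it, though that code is outside the hunk. Neither file's hunk adds `import os`, and `os.path.abspath(None)` raises TypeError if the file argument is optional in COLLECTOR_POST_PARSER — both worth confirming against the unchanged parts of the files. The enclosing methods in both files start and end outside their hunks.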