From 402491b7e52c4d836c1274976cdb387852cfd17b Mon Sep 17 00:00:00 2001
From: Chris <ccbrown112@gmail.com>
Date: Mon, 11 Sep 2017 10:02:02 -0500
Subject: PLT-7407: Back-end plugins (#7409)

* tie back-end plugins together

* fix comment typo

* add tests and a bit of polish

* tests and polish

* add test, don't let backend executable paths escape the plugin directory
---
 plugin/rpcplugin/supervisor.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'plugin/rpcplugin/supervisor.go')

diff --git a/plugin/rpcplugin/supervisor.go b/plugin/rpcplugin/supervisor.go
index 6a00d0468..7e37e2851 100644
--- a/plugin/rpcplugin/supervisor.go
+++ b/plugin/rpcplugin/supervisor.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"path/filepath"
+	"strings"
 	"sync/atomic"
 	"time"
 
@@ -123,7 +124,11 @@ func SupervisorProvider(bundle *model.BundleInfo) (plugin.Supervisor, error) {
 	} else if bundle.Manifest.Backend == nil || bundle.Manifest.Backend.Executable == "" {
 		return nil, fmt.Errorf("no backend executable specified")
 	}
+	executable := filepath.Clean(filepath.Join(".", bundle.Manifest.Backend.Executable))
+	if strings.HasPrefix(executable, "..") {
+		return nil, fmt.Errorf("invalid backend executable")
+	}
 	return &Supervisor{
-		executable: filepath.Join(bundle.Path, bundle.Manifest.Backend.Executable),
+		executable: filepath.Join(bundle.Path, executable),
 	}, nil
 }
-- 
cgit v1.2.3-1-g7c22