From 76180aaa5a6489857d68e6a7e51b3ea6f5e421de Mon Sep 17 00:00:00 2001
From: antifallobst
Date: Fri, 25 Aug 2023 00:02:13 +0200
Subject: [PATCH] fix(server): fixed possible recursive includes in preprocessing
---
 server/src/cache.rs | 4 +++-
 server/src/parser.rs | 20 +++++++++++++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/server/src/cache.rs b/server/src/cache.rs
index a5e04c0..44f9900 100644
--- a/server/src/cache.rs
+++ b/server/src/cache.rs
@@ -16,8 +16,10 @@ impl Sites {
 std::env::set_current_dir(path)?;
 let mut home_file = std::fs::File::open("home.html")?;
+ let mut visited_inodes = Vec::new();
+
 Ok(Self {
- home: parser::generate_site(&mut home_file)?
+ home: parser::generate_site(&mut home_file, &mut visited_inodes)?
 })
 }
diff --git a/server/src/parser.rs b/server/src/parser.rs
index f4c9459..a2bdcb2 100644
--- a/server/src/parser.rs
+++ b/server/src/parser.rs
@@ -1,9 +1,17 @@
-use std::io::{Read, read_to_string};
+use std::{io::Read, os::unix::fs::MetadataExt};
 use anyhow::{Error, Result};
-use log::{error, info};
+use log::info;
-pub fn generate_site(base: &mut std::fs::File) -> Result {
- let include_regex = regex::Regex::new("\\s+@@@include ((?:[^\\/]*\\/)*)(.*)@@@")?;
+pub fn generate_site(base: &mut std::fs::File, visited_inodes: &mut Vec) -> Result {
+ let inode = base.metadata()?.ino();
+
+ if visited_inodes.contains(&inode) {
+ return Err(Error::msg("Recursive file inclusion detected!"));
+ } else {
+ visited_inodes.push(inode);
+ }
+
+ let include_regex = regex::Regex::new("@@@include ((?:[^\\/]*\\/)*)(.*)@@@")?;
 let mut content = String::new();
 base.read_to_string(&mut content)?;
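Review bot: `Sites::new` now has to create `visited_inodes` itself, so the recursion's bookkeeping becomes part of the `parser::generate_site` interface. The guard in parser.rs removes an inode only on the success path (`let _ = visited_inodes.pop();` sits after every `?`), so a caller that reuses the Vec after a failed call would get "Recursive file inclusion detected!" for files that are not nested at all. I would keep the public signature as `generate_site(base)` and move the recursion into a private helper that receives a freshly created list, which keeps the list out of callers' hands. `new` starts before this hunk, so the rest of its body is not visible here.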
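Review bot: The visited check keys on `base.metadata()?.ino()` alone, and an inode number is unique only within one filesystem, so two unrelated files on different mounts can collide and an include that crosses a mount point may be rejected as recursive. Comparing the device as well closes that gap: `let meta = base.metadata()?; let key = (meta.dev(), meta.ino());` with `visited_inodes` holding those pairs. `dev()` comes from the same `MetadataExt` trait the hunk already imports. Separately, the `os::unix` import makes parser.rs Unix-only, which deserves a comment on the `use` line if that is intended. The body of `generate_site` continues past this hunk.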
@@ -17,11 +25,13 @@ pub fn generate_site(base: &mut std::fs::File) -> Result {
 let mut file = std::fs::File::open(parts.get(1).expect("This should never happen due to the regex check."))?;
- lines.push(generate_site(&mut file)?);
+ lines.push(generate_site(&mut file, visited_inodes)?);
 } else {
 lines.push(line.to_owned());
 }
 }
+ let _ = visited_inodes.pop();
+
 Ok(lines.join("\n"))
 }
\ No newline at end of file
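Review bot: The recursive call in `lines.push(generate_site(&mut file, visited_inodes)?)` still receives a file opened straight from the directive's path (`std::fs::File::open(parts.get(1)…)`), so the new cycle guard limits nesting but not which files an include may pull in. How `parts` is built is outside this hunk (the function starts earlier), but if it holds the raw captured path, a directive with `..` segments or one that resolves through a symlink would place a file from outside the site directory into the generated page. Before opening, resolve the target with `std::fs::canonicalize` and reject it unless the result `starts_with` the canonical site root. Because the inode is popped after each file, the same file may be included again on a sibling branch, so a cap on include depth or total output size would also be worth adding.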