Bugfix/validate-user-provided-file-object-paths (#1197)

* Fixed BACnet file object path name unintended path traversals by optionally restricting path name content with BACNET_FILE_PATH_RESTRICTED define.

* Added POSIX file path name checking for AtomicReadFile and AtomicWriteFile example applications. Prohibits use of relative and absolute file paths when BACNET_FILE_PATH_RESTRICTED is non-zero.

test/bacnet/basic/sys/filename/CMakeLists.txt

@@ -34,6 +34,7 @@ add_executable(${PROJECT_NAME}
     # File(s) under test
     ${SRC_DIR}/bacnet/basic/sys/filename.c
     # Support files and stubs (pathname alphabetical)
+    ${SRC_DIR}/bacnet/basic/sys/debug.c
     # Test and test library files
     ./src/main.c
     ${ZTST_DIR}/ztest_mock.c

test/bacnet/basic/sys/filename/src/main.c

@@ -27,6 +27,7 @@ static void testFilename(void)
     const char *data3 = "c:\\Program Files\\Christopher\\run.exe";
     const char *data4 = "//Mary/data/run";
     const char *data5 = "bin\\run";
+    const char *data6 = "run.exe";
     const char *filename = NULL;
 
     filename = filename_remove_path(data1);
@@ -39,9 +40,53 @@ static void testFilename(void)
     zassert_equal(strcmp("run", filename), 0, NULL);
     filename = filename_remove_path(data5);
     zassert_equal(strcmp("run", filename), 0, NULL);
+    filename = filename_remove_path(data6);
+    zassert_equal(strcmp("run.exe", filename), 0, NULL);
 
     return;
 }
+
+#if defined(CONFIG_ZTEST_NEW_API)
+ZTEST(filename_tests, testFilenameValid)
+#else
+static void testFilenameValid(void)
+#endif
+{
+    const char *data0 = "";
+    const char *data1 = "c:\\Joshua\\run";
+    const char *data2 = "/home/Anna/run";
+    const char *data3 = "c:\\Program Files\\Christopher\\run.exe";
+    const char *data4 = "//Mary/data/run";
+    const char *data5 = "bin\\\\run";
+    const char *data6 = "bin/./run";
+    const char *data7 = "bin/../run";
+    const char *data_valid = "certs/mycert.pem";
+    bool valid = false;
+
+    valid = filename_path_valid(NULL);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data0);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data1);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data2);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data3);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data4);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data5);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data6);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data7);
+    zassert_false(valid, NULL);
+    valid = filename_path_valid(data_valid);
+    zassert_true(valid, NULL);
+
+    return;
+}
+
 /**
  * @}
  */
@@ -51,7 +96,9 @@ ZTEST_SUITE(filename_tests, NULL, NULL, NULL, NULL, NULL);
 #else
 void test_main(void)
 {
-    ztest_test_suite(filename_tests, ztest_unit_test(testFilename));
+    ztest_test_suite(
+        filename_tests, ztest_unit_test(testFilename),
+        ztest_unit_test(testFilenameValid));
 
     ztest_run_test_suite(filename_tests);
 }