[GR-42674] JS Fuzzing: InvalidPathException at UnixPath.checkNotNul(UnixPath.java:90)

PullRequest: graal/13298

Author: tzezula

sdk/src/org.graalvm.polyglot/src/org/graalvm/polyglot/io/FileSystem.java

@@ -80,6 +80,8 @@ public interface FileSystem {
      * @param uri the {@link URI} to be converted to {@link Path}
      * @return the {@link Path} representing given {@link URI}
      * @throws UnsupportedOperationException when {@link URI} scheme is not supported
+     * @throws IllegalArgumentException if preconditions on the {@code uri} do not hold. The format
+     *             of the URI is {@link FileSystem} specific.
      * @since 19.0
      */
     Path parsePath(URI uri);
@@ -91,6 +93,8 @@ public interface FileSystem {
      * @param path the string path to be converted to {@link Path}
      * @return the {@link Path}
      * @throws UnsupportedOperationException when the {@link FileSystem} supports only {@link URI}
+     * @throws IllegalArgumentException if the {@code path} string cannot be converted to a
+     *             {@link Path}
      * @since 19.0
      */
     Path parsePath(String path);

truffle/CHANGELOG.md

@@ -15,6 +15,7 @@ This changelog summarizes major changes between Truffle versions relevant to lan
 * GR-40274 TruffleStrings: added AsNativeNode and GetStringCompactionLevelNode.
 * GR-39189 Added attach methods on the `Instrumenter` class, that take `NearestSectionFilter` as a parameter. The new `NearestSectionFilter` class can be used to instrument or detect nearest locations to a given source line and column. For example, this can be used to implement breakpoints, where the exact line or column is not always precise and the location needs to be updated when new code is loaded.
 * GR-39189 Added `InstrumentableNode.findNearestNodeAt(int line, int column, ...)` to find the nearest node to the given source line and column. This is an alternative to the existing method that takes character offset.
+* GR-42674 It has been documented that methods `TruffleLanguage.Env#getPublicTruffleFile`, `TruffleLanguage.Env#getInternalTruffleFile`, `TruffleLanguage.Env#getTruffleFileInternal` and `TruffleInstrument.Env#getPublicTruffleFile` can throw `IllegalArgumentException` when the path string cannot be converted to a `Path` or uri preconditions required by the `FileSystem` do not hold.
 
 ## Version 22.3.0
 

truffle/src/com.oracle.truffle.api.test/src/com/oracle/truffle/api/test/polyglot/MemoryFileSystem.java

@@ -157,7 +157,7 @@ public Path parsePath(String path) {
     public Path parsePath(URI uri) {
         try {
             return Paths.get(uri);
-        } catch (IllegalArgumentException | FileSystemNotFoundException e) {
+        } catch (FileSystemNotFoundException e) {
             throw new UnsupportedOperationException(e);
         }
     }

truffle/src/com.oracle.truffle.api.test/src/com/oracle/truffle/api/test/polyglot/NIOFileSystemTest.java

@@ -129,6 +129,8 @@ public void testParsePath() {
         expectException(() -> fs.parsePath((String) null), NullPointerException.class);
         expectException(() -> fs.parsePath((URI) null), NullPointerException.class);
         expectException(() -> fs.parsePath(new URI("unknownscheme:///tmp/")), UnsupportedOperationException.class);
+        expectException(() -> fs.parsePath("\0"), IllegalArgumentException.class);
+        expectException(() -> fs.parsePath(new URI("file://host:8000/tmp")), IllegalArgumentException.class);
     }
 
     @Test

truffle/src/com.oracle.truffle.api.test/src/com/oracle/truffle/api/test/polyglot/TruffleFileTest.java

@@ -798,7 +798,7 @@ public void close() throws IOException {
     }
 
     @Test
-    public void testInvalidScheme() throws IOException {
+    public void testInvalidURI() throws IOException {
         URI httpScheme = URI.create("http://127.0.0.1/foo.js");
         Path tmp = Files.createTempDirectory("invalidscheme");
         Path existingJar = tmp.resolve("exiting.jar");
@@ -810,17 +810,20 @@ public void testInvalidScheme() throws IOException {
         Path nonExistingJar = tmp.resolve("non_existing.jar");
         URI jarSchemeExistingFile = URI.create("jar:" + existingJar.toUri() + "!/");
         URI jarSchemeNonExistingFile = URI.create("jar:" + nonExistingJar.toUri() + "!/");
+        URI invalidUri = URI.create("file://localhost:8000/tmp");
         java.nio.file.FileSystem nioJarFS = FileSystems.newFileSystem(jarSchemeExistingFile, Collections.emptyMap());
         try {
             // Context with enabled IO
             testInvalidSchemeImpl(httpScheme);
             testInvalidSchemeImpl(jarSchemeExistingFile);
             testInvalidSchemeImpl(jarSchemeNonExistingFile);
+            testWrongURIPreconditionsImpl(invalidUri);
             // Context with disabled IO
             setupEnv(Context.newBuilder().build());
             testInvalidSchemeImpl(httpScheme);
             testInvalidSchemeImpl(jarSchemeExistingFile);
             testInvalidSchemeImpl(jarSchemeNonExistingFile);
+            testWrongURIPreconditionsImpl(invalidUri);
         } finally {
             nioJarFS.close();
             delete(tmp);
@@ -833,6 +836,20 @@ private void testInvalidSchemeImpl(URI uri) {
         assertFails(() -> languageEnv.getTruffleFileInternal(uri, (f) -> false), UnsupportedOperationException.class);
     }
 
+    private void testWrongURIPreconditionsImpl(URI uri) {
+        assertFails(() -> languageEnv.getPublicTruffleFile(uri), IllegalArgumentException.class);
+        assertFails(() -> languageEnv.getInternalTruffleFile(uri), IllegalArgumentException.class);
+        assertFails(() -> languageEnv.getTruffleFileInternal(uri, (f) -> false), IllegalArgumentException.class);
+    }
+
+    @Test
+    public void testInvalidPath() {
+        String invalidPath = "\0";
+        assertFails(() -> languageEnv.getPublicTruffleFile(invalidPath), IllegalArgumentException.class);
+        assertFails(() -> languageEnv.getInternalTruffleFile(invalidPath), IllegalArgumentException.class);
+        assertFails(() -> languageEnv.getTruffleFileInternal(invalidPath, (f) -> false), IllegalArgumentException.class);
+    }
+
     private static void delete(Path path) throws IOException {
         if (Files.isDirectory(path)) {
             try (DirectoryStream<Path> dir = Files.newDirectoryStream(path)) {

truffle/src/com.oracle.truffle.api/src/com/oracle/truffle/api/TruffleLanguage.java

@@ -2725,6 +2725,8 @@ public boolean isPreInitialization() {
          * @return {@link TruffleFile}
          * @throws UnsupportedOperationException when the {@link FileSystem} supports only
          *             {@link URI}
+         * @throws IllegalArgumentException if the {@code path} string cannot be converted to a
+         *             {@link Path}
          * @see IOAccess
          * @see Builder#allowIO(IOAccess)
          * @since 19.3.0
@@ -2735,7 +2737,7 @@ public TruffleFile getPublicTruffleFile(String path) {
             FileSystemContext fs = getPublicFileSystemContext();
             try {
                 return new TruffleFile(fs, fs.fileSystem.parsePath(path));
-            } catch (UnsupportedOperationException e) {
+            } catch (UnsupportedOperationException | IllegalArgumentException e) {
                 throw e;
             } catch (Throwable t) {
                 throw TruffleFile.wrapHostException(t, fs.fileSystem);
@@ -2749,6 +2751,7 @@ public TruffleFile getPublicTruffleFile(String path) {
          * @param uri the {@link URI} to create {@link TruffleFile} for
          * @return {@link TruffleFile}
          * @throws UnsupportedOperationException when {@link URI} scheme is not supported
+         * @throws IllegalArgumentException if preconditions on the {@code uri} do not hold.
          * @since 19.3.0
          */
         @TruffleBoundary
@@ -2757,7 +2760,7 @@ public TruffleFile getPublicTruffleFile(URI uri) {
             FileSystemContext fs = getPublicFileSystemContext();
             try {
                 return new TruffleFile(fs, fs.fileSystem.parsePath(uri));
-            } catch (UnsupportedOperationException e) {
+            } catch (UnsupportedOperationException | IllegalArgumentException e) {
                 throw e;
             } catch (Throwable t) {
                 throw TruffleFile.wrapHostException(t, fs.fileSystem);
@@ -2783,6 +2786,8 @@ public TruffleFile getPublicTruffleFile(URI uri) {
          * @since 19.3.0
          * @throws UnsupportedOperationException when the {@link FileSystem} supports only
          *             {@link URI}
+         * @throws IllegalArgumentException if the {@code path} string cannot be converted to a
+         *             {@link Path}
          * @see #getTruffleFileInternal(String, Predicate)
          * @see #getPublicTruffleFile(java.lang.String)
          */
@@ -2792,7 +2797,7 @@ public TruffleFile getInternalTruffleFile(String path) {
             FileSystemContext fs = getInternalFileSystemContext();
             try {
                 return new TruffleFile(fs, fs.fileSystem.parsePath(path));
-            } catch (UnsupportedOperationException e) {
+            } catch (UnsupportedOperationException | IllegalArgumentException e) {
                 throw e;
             } catch (Throwable t) {
                 throw TruffleFile.wrapHostException(t, fs.fileSystem);
@@ -2807,6 +2812,7 @@ public TruffleFile getInternalTruffleFile(String path) {
          * @return {@link TruffleFile}
          * @since 19.3.0
          * @throws UnsupportedOperationException when {@link URI} scheme is not supported
+         * @throws IllegalArgumentException if preconditions on the {@code uri} do not hold.
          * @see #getTruffleFileInternal(URI, Predicate)
          * @see #getPublicTruffleFile(java.net.URI)
          */
@@ -2816,7 +2822,7 @@ public TruffleFile getInternalTruffleFile(URI uri) {
             FileSystemContext fs = getInternalFileSystemContext();
             try {
                 return new TruffleFile(fs, fs.fileSystem.parsePath(uri));
-            } catch (UnsupportedOperationException e) {
+            } catch (UnsupportedOperationException | IllegalArgumentException e) {
                 throw e;
             } catch (Throwable t) {
                 throw TruffleFile.wrapHostException(t, fs.fileSystem);
@@ -2861,6 +2867,8 @@ public TruffleFile getInternalTruffleFile(URI uri) {
          * @return {@link TruffleFile}
          * @throws UnsupportedOperationException when the {@link FileSystem} supports only
          *             {@link URI}
+         * @throws IllegalArgumentException if the {@code path} string cannot be converted to a
+         *             {@link Path}
          * @since 21.1.0
          * @see #getTruffleFileInternal(URI, Predicate)
          * @see #getPublicTruffleFile(String)
@@ -2883,6 +2891,7 @@ public TruffleFile getTruffleFileInternal(String path, Predicate<TruffleFile> fi
          * @return {@link TruffleFile}
          * @throws UnsupportedOperationException when the {@link FileSystem} supports only
          *             {@link URI}
+         * @throws IllegalArgumentException if preconditions on the {@code uri} do not hold.
          * @since 21.1.0
          * @see #getTruffleFileInternal(String, Predicate)
          * @see #getPublicTruffleFile(URI)

truffle/src/com.oracle.truffle.api/src/com/oracle/truffle/api/source/Source.java

@@ -993,8 +993,11 @@ static Source buildSource(String language, Object origin, String name, String pa
         if (useOrigin instanceof File) {
             final File file = (File) useOrigin;
             assert useFileSystemContext != null : "file system context must be provided by polyglot embedding API";
-            TruffleFile truffleFile = SourceAccessor.getTruffleFile(file.toPath().toString(), useFileSystemContext);
-            useOrigin = truffleFile;
+            try {
+                useOrigin = SourceAccessor.getTruffleFile(file.toPath().toString(), useFileSystemContext);
+            } catch (UnsupportedOperationException | IllegalArgumentException e) {
+                throw new AssertionError("Inconsistent path", e);
+            }
         }
 
         if (useOrigin == CONTENT_UNSET) {
@@ -1037,19 +1040,10 @@ static Source buildSource(String language, Object origin, String name, String pa
             useUri = useUri == null ? tmpUri : useUri;
             usePath = usePath == null ? useUrl.getPath() : usePath;
             useFileSystemContext = useFileSystemContext == null ? SourceAccessor.ACCESSOR.engineSupport().getCurrentFileSystemContext() : useFileSystemContext;
+            assert useTruffleFile == null;
             try {
                 useTruffleFile = SourceAccessor.getTruffleFile(tmpUri, useFileSystemContext);
-                useTruffleFile = getCanonicalFileIfItExists(useTruffleFile);
-                if (useContent == CONTENT_UNSET) {
-                    if (isCharacterBased(useFileSystemContext, language, useMimeType)) {
-                        String fileMimeType = useMimeType == null ? SourceAccessor.detectMimeType(useTruffleFile, getValidMimeTypes(useFileSystemContext, language)) : useMimeType;
-                        useEncoding = useEncoding == null ? findEncoding(useTruffleFile, fileMimeType) : useEncoding;
-                        useContent = read(useTruffleFile, useEncoding);
-                    } else {
-                        useContent = ByteSequence.create(useTruffleFile.readAllBytes());
-                    }
-                }
-            } catch (UnsupportedOperationException uoe) {
+            } catch (IllegalArgumentException | UnsupportedOperationException e) {
                 if (ALLOW_IO && SourceAccessor.isSocketIOAllowed(useFileSystemContext)) {
                     // Not a recognized by FileSystem, fall back to URLConnection only for allowed
                     // IO without a custom FileSystem
@@ -1066,6 +1060,18 @@ static Source buildSource(String language, Object origin, String name, String pa
                     throw new SecurityException("Reading of URL " + useUrl + " is not allowed.");
                 }
             }
+            if (useTruffleFile != null) {
+                useTruffleFile = getCanonicalFileIfItExists(useTruffleFile);
+                if (useContent == CONTENT_UNSET) {
+                    if (isCharacterBased(useFileSystemContext, language, useMimeType)) {
+                        String fileMimeType = useMimeType == null ? SourceAccessor.detectMimeType(useTruffleFile, getValidMimeTypes(useFileSystemContext, language)) : useMimeType;
+                        useEncoding = useEncoding == null ? findEncoding(useTruffleFile, fileMimeType) : useEncoding;
+                        useContent = read(useTruffleFile, useEncoding);
+                    } else {
+                        useContent = ByteSequence.create(useTruffleFile.readAllBytes());
+                    }
+                }
+            }
         } else if (useOrigin instanceof Reader) {
             final Reader r = (Reader) useOrigin;
             useContent = useContent == CONTENT_UNSET ? read(r) : useContent;

truffle/src/com.oracle.truffle.polyglot/src/com/oracle/truffle/polyglot/FileSystems.java

@@ -297,11 +297,7 @@ public boolean hasNoAccess() {
 
         @Override
         public Path parsePath(URI path) {
-            try {
-                return wrap(delegate.parsePath(path));
-            } catch (IllegalArgumentException | FileSystemNotFoundException e) {
-                throw new UnsupportedOperationException(e);
-            }
+            return wrap(delegate.parsePath(path));
         }
 
         @Override
@@ -771,17 +767,22 @@ public boolean hasNoAccess() {
 
         @Override
         public Path parsePath(URI uri) {
+            if (!hostfs.getScheme().equals(uri.getScheme())) {
+                // Throw a UnsupportedOperationException with a better message than the default
+                // FileSystemProvider.getPath does.
+                throw new UnsupportedOperationException("Unsupported URI scheme " + uri.getScheme());
+            }
             try {
                 return hostfs.getPath(uri);
-            } catch (IllegalArgumentException | FileSystemNotFoundException e) {
+            } catch (FileSystemNotFoundException e) {
                 throw new UnsupportedOperationException(e);
             }
         }
 
         @Override
         public Path parsePath(String path) {
             if (!"file".equals(hostfs.getScheme())) {
-                throw new IllegalStateException("The ParsePath(String path) should be called only for file scheme.");
+                throw new UnsupportedOperationException("The ParsePath(String path) should be called only for file scheme.");
             }
             return Paths.get(path);
         }
@@ -1027,7 +1028,7 @@ public Path parsePath(final URI uri) {
                 // Paths.get(URI) cannot be used as it looks up the file system provider
                 // by scheme and can use a non default file system provider.
                 return defaultFileSystemProvider.getPath(uri);
-            } catch (IllegalArgumentException | FileSystemNotFoundException e) {
+            } catch (FileSystemNotFoundException e) {
                 throw new UnsupportedOperationException(e);
             }
         }

truffle/src/com.oracle.truffle.polyglot/src/com/oracle/truffle/polyglot/PolyglotEngineImpl.java

@@ -52,6 +52,7 @@
 import java.io.StringWriter;
 import java.lang.ref.Reference;
 import java.lang.ref.ReferenceQueue;
+import java.nio.file.Path;
 import java.time.Duration;
 import java.time.ZoneId;
 import java.util.ArrayList;
@@ -1729,8 +1730,18 @@ public PolyglotContextImpl createContext(OutputStream configOut, OutputStream co
                 fileSystemConfig = new FileSystemConfig(ioAccess, FileSystems.newNoIOFileSystem(), FileSystems.newLanguageHomeFileSystem());
             }
             if (currentWorkingDirectory != null) {
-                fileSystemConfig.fileSystem.setCurrentWorkingDirectory(fileSystemConfig.fileSystem.parsePath(currentWorkingDirectory));
-                fileSystemConfig.internalFileSystem.setCurrentWorkingDirectory(fileSystemConfig.internalFileSystem.parsePath(currentWorkingDirectory));
+                Path publicFsCwd;
+                Path internalFsCwd;
+                try {
+                    publicFsCwd = fileSystemConfig.fileSystem.parsePath(currentWorkingDirectory);
+                    internalFsCwd = fileSystemConfig.internalFileSystem.parsePath(currentWorkingDirectory);
+                } catch (IllegalArgumentException e) {
+                    throw PolyglotEngineException.illegalArgument(e);
+                } catch (UnsupportedOperationException e) {
+                    throw PolyglotEngineException.illegalArgument(new IllegalArgumentException(e));
+                }
+                fileSystemConfig.fileSystem.setCurrentWorkingDirectory(publicFsCwd);
+                fileSystemConfig.internalFileSystem.setCurrentWorkingDirectory(internalFsCwd);
             }
             final OutputStream useOut;
             if (configOut == null || configOut == INSTRUMENT.getOut(this.out)) {

truffle/src/com.oracle.truffle.polyglot/src/com/oracle/truffle/polyglot/PolyglotImpl.java

@@ -528,7 +528,12 @@ public String findLanguage(URL url) throws IOException {
     @Override
     public String findMimeType(File file) throws IOException {
         Objects.requireNonNull(file);
-        TruffleFile truffleFile = EngineAccessor.LANGUAGE.getTruffleFile(file.toPath().toString(), getDefaultFileSystemContext());
+        TruffleFile truffleFile;
+        try {
+            truffleFile = EngineAccessor.LANGUAGE.getTruffleFile(file.toPath().toString(), getDefaultFileSystemContext());
+        } catch (UnsupportedOperationException | IllegalArgumentException e) {
+            throw new AssertionError("Inconsistent path", e);
+        }
         return truffleFile.detectMimeType();
     }