SnakeYaml SafeConstructor restricting deserialization (#6319)

ParsedDockerComposeFile is vulnerable to deserialization gadget chain attacks that can lead to remote code execution when the file has untrusted content: https://nvd.nist.gov/vuln/detail/CVE-2022-1471 This should be fixed by using SafeConstructor as suggested by the SnakeYaml developers. Deserialization of arbitrary Java types is not used by the Compose file spec and therefore can be disabled without any loss of functionality: https://docs.docker.com/compose/compose-file/ --------- Co-authored-by: Eddú Meléndez Gonzales <eddu.melendez@gmail.com>
testcontainers · Jul 4, 2023 · 595076c · 595076c
1 parent a00d048
commit 595076c
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 1 deletion.
diff --git a/core/src/main/java/org/testcontainers/containers/ParsedDockerComposeFile.java b/core/src/main/java/org/testcontainers/containers/ParsedDockerComposeFile.java
@@ -7,7 +7,9 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.io.FileUtils;
 import org.testcontainers.images.ParsedDockerfile;
+import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.SafeConstructor;
 
 import java.io.File;
 import java.io.FileInputStream;
@@ -35,7 +37,7 @@ class ParsedDockerComposeFile {
     private Map<String, Set<String>> serviceNameToImageNames = new HashMap<>();
 
     ParsedDockerComposeFile(File composeFile) {
-        Yaml yaml = new Yaml();
+        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
         try (FileInputStream fileInputStream = FileUtils.openInputStream(composeFile)) {
             composeFileContent = yaml.load(fileInputStream);
         } catch (Exception e) {

diff --git a/core/src/test/java/org/testcontainers/containers/ParsedDockerComposeFileBean.java b/core/src/test/java/org/testcontainers/containers/ParsedDockerComposeFileBean.java
@@ -0,0 +1,10 @@
+package org.testcontainers.containers;
+
+public class ParsedDockerComposeFileBean {
+
+    public String foo;
+
+    public ParsedDockerComposeFileBean(String foo) {
+        this.foo = foo;
+    }
+}
diff --git a/core/src/test/java/org/testcontainers/containers/ParsedDockerComposeFileValidationTest.java b/core/src/test/java/org/testcontainers/containers/ParsedDockerComposeFileValidationTest.java
@@ -2,6 +2,7 @@
 
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Sets;
+import lombok.SneakyThrows;
 import org.junit.Test;
 
 import java.io.File;
@@ -61,6 +62,22 @@ public void shouldIgnoreUnknownStructure() {
         new ParsedDockerComposeFile(ImmutableMap.of("version", "9000"));
     }
 
+    @Test
+    @SneakyThrows
+    public void shouldRejectDeserializationOfArbitraryClasses() {
+        // Reject deserialization gadget chain attacks: https://nvd.nist.gov/vuln/detail/CVE-2022-1471
+        // https://raw.githubusercontent.com/mbechler/marshalsec/master/marshalsec.pdf
+
+        File file = new File("src/test/resources/docker-compose-deserialization.yml");
+
+        // ParsedDockerComposeFile should reject deserialization of ParsedDockerComposeFileBean
+        assertThatThrownBy(() -> {
+                new ParsedDockerComposeFile(file);
+            })
+            .hasMessageContaining(file.getAbsolutePath())
+            .hasMessageContaining("Unable to parse YAML file");
+    }
+
     @Test
     public void shouldObtainImageNamesV1() {
         File file = new File("src/test/resources/docker-compose-imagename-parsing-v1.yml");

diff --git a/core/src/test/resources/docker-compose-deserialization.yml b/core/src/test/resources/docker-compose-deserialization.yml
@@ -0,0 +1,3 @@
+redis:
+    image: redis
+    key: !!org.testcontainers.containers.ParsedDockerComposeFileBean '{foo: bar}'