From 04fc41597e20bb86036d52acb57a505b6e8e6629 Mon Sep 17 00:00:00 2001
From: bmc-msft <41130664+bmc-msft@users.noreply.github.com>
Date: Tue, 2 Mar 2021 19:06:02 -0500
Subject: [PATCH] require target_exe to be a canonicalized relative path (#613)

---
 src/api-service/__app__/onefuzzlib/tasks/config.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/api-service/__app__/onefuzzlib/tasks/config.py b/src/api-service/__app__/onefuzzlib/tasks/config.py
index b477ffe23..da5480856 100644
--- a/src/api-service/__app__/onefuzzlib/tasks/config.py
+++ b/src/api-service/__app__/onefuzzlib/tasks/config.py
@@ -4,7 +4,9 @@
 # Licensed under the MIT License.
 
 import logging
+import ntpath
 import os
+import posixpath
 from typing import Dict, List, Optional
 from uuid import UUID
 
@@ -102,6 +104,16 @@ def check_target_exe(config: TaskConfig, definition: TaskDefinition) -> None:
 
         return
 
+    # Azure Blob Store uses virtualized directory structures.  As such, we need
+    # the paths to already be canonicalized.  As an example, accessing the blob
+    # store path "./foo" generates an exception, but "foo" and "foo/bar" do
+    # not.
+    if (
+        posixpath.relpath(config.task.target_exe) != config.task.target_exe
+        or ntpath.relpath(config.task.target_exe) != config.task.target_exe
+    ):
+        raise TaskConfigError("target_exe must be a canonicalized relative path")
+
     container = [x for x in config.containers if x.type == ContainerType.setup][0]
     if not blob_exists(container.name, config.task.target_exe, StorageType.corpus):
         err = "target_exe `%s` does not exist in the setup container `%s`" % (