fix: Add more validation to msi installer. (#1716)

Author: nrcventura

src/Agent/MsiInstaller/InstallerActions/CustomActions.cs

@@ -264,7 +264,7 @@ private void DeleteFolder(string path)
             {
                 if (Directory.Exists(path))
                 {
-                    Directory.Delete(path, true);
+                    SaferFileUtils.DeleteDirectoryAndContents(path, this);
                     LogSuccess("Folder deleted at '{0}'.", path);
                 }
                 else
@@ -285,7 +285,7 @@ private void DeleteFile(string path)
             {
                 if (File.Exists(path))
                 {
-                    File.Delete(path);
+                    SaferFileUtils.FileDelete(path, this);
                     LogSuccess("File deleted at '{0}'.", path);
                 }
                 else
@@ -480,7 +480,7 @@ private void MigrateNewRelicXml()
                 session.Log("Attempting to move file from {0} to {1}.", sourcePath, destinationPath);
                 try
                 {
-                    File.Copy(sourcePath, destinationPath);
+                    SaferFileUtils.FileCopy(sourcePath, destinationPath, this);
                     session.Log("Moved file from {0} to {1}.", sourcePath, destinationPath);
                 }
                 catch (IOException)
@@ -543,7 +543,7 @@ private void MigrateCustomInstrumentation()
             }
         }
 
-        private static void CopyFolderContents(string source, string destination)
+        private void CopyFolderContents(string source, string destination)
         {
             if (source == null) return;
             if (destination == null) return;
@@ -561,7 +561,7 @@ private static void CopyFolderContents(string source, string destination)
                 // If the subfolder already exists don't try to copy.
                 if (Directory.Exists(destinationPath)) continue;
 
-                Directory.Move(sourceDirectoryPath, destinationPath);
+                SaferFileUtils.DirectoryMove(sourceDirectoryPath, destinationPath, this);
             }
 
             // Copy all the files in the root of the directory.
@@ -571,9 +571,156 @@ private static void CopyFolderContents(string source, string destination)
                 string fileName = Path.GetFileName(sourceFilePath);
                 string destinationPath = destination + fileName;
 
-                File.Copy(sourceFilePath, destinationPath, true);
-                File.Delete(sourceFilePath);
+                SaferFileUtils.FileCopy(sourceFilePath, destinationPath, true, this);
+                SaferFileUtils.FileDelete(sourceFilePath, this);
             }
         }
     }
+
+    /// <summary>
+    /// This class is wrapper around the standard File and Directory classes
+    /// that will check the file and directory structure for symlinks and junctions
+    /// before attempting to copy or delete the file or directory. This code uses
+    /// the presence of reparse points to approximate the usage of junctions or
+    /// symlinks. No agent file or directory is expected to have a reparse point
+    /// defined.
+    /// </summary>
+    internal static class SaferFileUtils
+    {
+        internal static void FileCopy(string source, string destination, MySession logger)
+        {
+            if (!FileIsSafeToUse(source, logger))
+            {
+                logger.Log("{0} was not copied.", source);
+                return;
+            }
+
+            File.Copy(source, destination);
+        }
+
+        internal static void FileCopy(string source, string destination, bool overwrite, MySession logger)
+        {
+            if (!FileIsSafeToUse(source, logger))
+            {
+                logger.Log("{0} was not copied.", source);
+                return;
+            }
+
+            File.Copy(source, destination, overwrite);
+        }
+
+        internal static void FileDelete(string fileNameAndPath, MySession logger)
+        {
+            if (!FileIsSafeToUse(fileNameAndPath, logger))
+            {
+                logger.Log("{0} was not deleted.", fileNameAndPath);
+                return;
+            }
+
+            File.Delete(fileNameAndPath);
+        }
+
+        internal static void DeleteDirectoryAndContents(string path, MySession logger)
+        {
+            if (!DirectoryIsSafeToUse(path, logger))
+            {
+                logger.Log("{0} was not deleted.", path);
+                return;
+            }
+
+            Directory.Delete(path, true);
+        }
+
+        internal static void DirectoryMove(string source, string destination, MySession logger)
+        {
+            if (!DirectoryIsSafeToUse(source, logger))
+            {
+                logger.Log("{0} was not moved.", source);
+                return;
+            }
+
+            Directory.Move(source, destination);
+        }
+
+        private static bool FileIsSafeToUse(string fileNameAndPath, MySession logger)
+        {
+            if (!File.Exists(fileNameAndPath))
+            {
+                return false;
+            }
+
+            var fileInfo = new FileInfo(fileNameAndPath);
+
+            if (FileSystemReportsAReparsePoint(fileInfo, logger))
+            {
+                return false;
+            }
+
+            for (var directory = fileInfo.Directory; directory != null; directory = directory.Parent)
+            {
+                if (FileSystemReportsAReparsePoint(directory, logger))
+                {
+                    return false;
+                }
+            }
+
+            return DirectoryAndParentsAreSafe(fileInfo.Directory, logger);
+        }
+
+        private static bool DirectoryIsSafeToUse(string path, MySession logger)
+        {
+            if (!Directory.Exists(path))
+            {
+                return false;
+            }
+
+            var directory = new DirectoryInfo(path);
+            if (!DirectoryAndParentsAreSafe(directory, logger))
+            {
+                return false;
+            }
+
+            foreach (var childDirectory in directory.GetDirectories("*", SearchOption.AllDirectories))
+            {
+                if (FileSystemReportsAReparsePoint(childDirectory, logger))
+                {
+                    return false;
+                }
+            }
+
+            foreach (var childFile in directory.GetFiles("*", SearchOption.AllDirectories))
+            {
+                if (FileSystemReportsAReparsePoint(childFile, logger))
+                {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
+        private static bool DirectoryAndParentsAreSafe(DirectoryInfo directoryToCheck, MySession logger)
+        {
+            for (var directory = directoryToCheck; directory != null; directory = directory.Parent)
+            {
+                if (FileSystemReportsAReparsePoint(directory, logger))
+                {
+                    return false;
+                }
+            }
+
+            return true;
+        }
+
+        private static bool FileSystemReportsAReparsePoint(FileSystemInfo fsInfo, MySession logger)
+        {
+            if((fsInfo.Attributes & System.IO.FileAttributes.ReparsePoint) != 0)
+            {
+                logger.Log("Reparse point detected for {0}.", fsInfo.FullName);
+                return true;
+            }
+
+            return false;
+        }
+    }
 }