Add ILocalRefPolicy to validate local file reference paths against data root

Restrict local-ref file paths to the server's data directories to prevent
a local process from reading arbitrary files via crafted local references.
The policy uses weakly_canonical + prefix matching (fail-closed when no
policy is configured). Handle-based refs bypass the policy since they
rely on OS handle security.

1 files changed, 9 insertions, 1 deletions

diff --git a/src/zenserver/storage/cache/httpstructuredcache.cpp b/src/zenserver/storage/cache/httpstructuredcache.cpp
index e678033b5..652f6c407 100644
--- a/src/zenserver/storage/cache/httpstructuredcache.cpp
+++ b/src/zenserver/storage/cache/httpstructuredcache.cpp
@@ -80,7 +80,8 @@ HttpStructuredCacheService::HttpStructuredCacheService(ZenCacheStore&		   InCach
 													   HttpStatusService&	   StatusService,
 													   UpstreamCache&		   UpstreamCache,
 													   const DiskWriteBlocker* InDiskWriteBlocker,
-													   OpenProcessCache&	   InOpenProcessCache)
+													   OpenProcessCache&	   InOpenProcessCache,
+													   const ILocalRefPolicy*  InLocalRefPolicy)
 : m_Log(logging::Get("cache"))
 , m_CacheStore(InCacheStore)
 , m_StatsService(StatsService)
@@ -90,6 +91,7 @@ HttpStructuredCacheService::HttpStructuredCacheService(ZenCacheStore&		   InCach
 , m_DiskWriteBlocker(InDiskWriteBlocker)
 , m_OpenProcessCache(InOpenProcessCache)
 , m_RpcHandler(m_Log, m_CacheStats, UpstreamCache, InCacheStore, InCidStore, InDiskWriteBlocker)
+, m_LocalRefPolicy(InLocalRefPolicy)
 {
 	m_StatsService.RegisterHandler("z$", *this);
 	m_StatusService.RegisterHandler("z$", *this);
@@ -120,6 +122,12 @@ HttpStructuredCacheService::AcceptsLocalFileReferences() const
 	return true;
 }
 
+const ILocalRefPolicy*
+HttpStructuredCacheService::GetLocalRefPolicy() const
+{
+	return m_LocalRefPolicy;
+}
+
 void
 HttpStructuredCacheService::Flush()
 {