From 8e12d94359e84d3dc8415d9f778eda9902669c52 Mon Sep 17 00:00:00 2001
From: Tomas Tauber <2410580+tomtau@users.noreply.github.com>
Date: Wed, 13 Oct 2021 18:52:05 +0800
Subject: [PATCH] rpc: fix `ExpandHome` restrictions bypass (#667)

`go-home` seems to be using environment variables first
---
 CHANGELOG.md | 1 +
 rpc/ethereum/namespaces/debug/api.go | 7 ++++++-
 rpc/ethereum/namespaces/debug/trace.go | 7 ++++++-
 rpc/ethereum/namespaces/debug/utils.go | 23 ++++++++++++-----------
 server/start.go | 7 ++++++-
 5 files changed, 31 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c7eb11e9d3..48120db349 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -67,6 +67,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 ### Bug Fixes
+* (rpc) [tharsis#667](https://github.com/tharsis/ethermint/issues/667) Fix ExpandHome restrictions bypass
 * (rpc) [tharsis#642](https://github.com/tharsis/ethermint/issues/642) Fix `eth_getLogs` when string is specified in filter's from or to fields
 * (evm) [tharsis#616](https://github.com/tharsis/ethermint/issues/616) Fix halt on deeply nested stack of cache context. Stack is now flattened before iterating over the tx logs.
 * (rpc, evm) [tharsis#614](https://github.com/tharsis/ethermint/issues/614) Use JSON for (un)marshaling tx `Log`s from events.
diff --git a/rpc/ethereum/namespaces/debug/api.go b/rpc/ethereum/namespaces/debug/api.go
index d68461612f..f08d40b9a9 100644
--- a/rpc/ethereum/namespaces/debug/api.go
+++ b/rpc/ethereum/namespaces/debug/api.go
@@ -292,7 +292,12 @@ func (a *API) StartCPUProfile(file string) error {
 a.logger.Debug("CPU profiling already in progress")
 return errors.New("CPU profiling already in progress")
 default:
- f, err := os.Create(ExpandHome(file))
+ fp, err := ExpandHome(file)
+ if err != nil {
+ a.logger.Debug("failed to get filepath for the CPU profile file", "error", err.Error())
+ return err
+ }
+ f, err := os.Create(fp)
 if err != nil {
 a.logger.Debug("failed to create CPU profile file", "error", err.Error())
 return err
diff --git a/rpc/ethereum/namespaces/debug/trace.go b/rpc/ethereum/namespaces/debug/trace.go
index 423d808516..f550d3d283 100644
--- a/rpc/ethereum/namespaces/debug/trace.go
+++ b/rpc/ethereum/namespaces/debug/trace.go
@@ -35,7 +35,12 @@ func (a *API) StartGoTrace(file string) error {
 a.logger.Debug("trace already in progress")
 return errors.New("trace already in progress")
 }
- f, err := os.Create(ExpandHome(file))
+ fp, err := ExpandHome(file)
+ if err != nil {
+ a.logger.Debug("failed to get filepath for the CPU profile file", "error", err.Error())
+ return err
+ }
+ f, err := os.Create(fp)
 if err != nil {
 a.logger.Debug("failed to create go trace file", "error", err.Error())
 return err
diff --git a/rpc/ethereum/namespaces/debug/utils.go b/rpc/ethereum/namespaces/debug/utils.go
index ebc53df786..0910040a87 100644
--- a/rpc/ethereum/namespaces/debug/utils.go
+++ b/rpc/ethereum/namespaces/debug/utils.go
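Review bot: In `StartCPUProfile` (rpc/ethereum/namespaces/debug/api.go) the path reaching `os.Create(fp)` is still the caller's `file` argument apart from the `~/` expansion, and the `filepath.Clean` inside `ExpandHome` normalises a path without confining it to any directory. Since `os.Create` truncates an existing file, the method should at least document that contract, e.g. `// file is supplied by the RPC caller; it is created or truncated with the node process's permissions.` If the debug namespace can be reached by anyone other than the node operator (inferred from the package path, not shown here), resolving the name against a configured profile directory and rejecting results outside it would be the stronger fix. The same applies to `StartGoTrace` in trace.go and `writeProfile` in utils.go; the body of `StartCPUProfile` starts and ends outside the hunk.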
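Review bot: The new error branch in `StartGoTrace` (rpc/ethereum/namespaces/debug/trace.go) logs "failed to get filepath for the CPU profile file", a message copied from `StartCPUProfile` that will point anyone reading the logs of a failed trace start at the wrong feature. It should read `a.logger.Debug("failed to get filepath for the go trace file", "error", err.Error())`, in line with the "failed to create go trace file" message a few lines below. The function body continues outside the hunk.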
@@ -24,26 +24,27 @@ func isCPUProfileConfigurationActivated(ctx *server.Context) bool {
 // ExpandHome expands home directory in file paths.
 // ~someuser/tmp will not be expanded.
-func ExpandHome(p string) string {
+func ExpandHome(p string) (string, error) {
 if strings.HasPrefix(p, "~/") || strings.HasPrefix(p, "~\\") {
- home := os.Getenv("HOME")
- if home == "" {
- if usr, err := user.Current(); err == nil {
- home = usr.HomeDir
- }
- }
- if home != "" {
- p = home + p[1:]
+ usr, err := user.Current()
+ if err != nil {
+ return p, err
 }
+ home := usr.HomeDir
+ p = home + p[1:]
 }
- return filepath.Clean(p)
+ return filepath.Clean(p), nil
 }
 // writeProfile writes the data to a file
 func writeProfile(name, file string, log log.Logger) error {
 p := pprof.Lookup(name)
 log.Info("Writing profile records", "count", p.Count(), "type", name, "dump", file)
- f, err := os.Create(ExpandHome(file))
+ fp, err := ExpandHome(file)
+ if err != nil {
+ return err
+ }
+ f, err := os.Create(fp)
 if err != nil {
 return err
 }
diff --git a/server/start.go b/server/start.go
index 8b74452005..7a90c76361 100644
--- a/server/start.go
+++ b/server/start.go
@@ -223,7 +223,12 @@ func startInProcess(ctx *server.Context, clientCtx client.Context, appCreator ty
 var cpuProfileCleanup func()
 if cpuProfile := ctx.Viper.GetString(srvflags.CPUProfile); cpuProfile != "" {
- f, err := os.Create(ethdebug.ExpandHome(cpuProfile))
+ fp, err := ethdebug.ExpandHome(cpuProfile)
+ if err != nil {
+ ctx.Logger.Debug("failed to get filepath for the CPU profile file", "error", err.Error())
+ return err
+ }
+ f, err := os.Create(fp)
 if err != nil {
 return err
 }
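Review bot: `ExpandHome` (rpc/ethereum/namespaces/debug/utils.go) has lost the empty-home guard: the removed code expanded only when `home != ""`, whereas the new `p = home + p[1:]` runs unconditionally, so an account whose `usr.HomeDir` is empty turns `~/cpu.prof` into `/cpu.prof`. Adding `if usr.HomeDir == "" { return "", errors.New("home directory is empty") }` before the concatenation, and returning `"", err` rather than `p, err` when the lookup fails, keeps a root-relative or unexpanded path from reaching `os.Create` if a caller ever drops the error (this assumes `errors` is imported in utils.go, which the hunk does not show). The doc comment should also state when an error is returned, e.g. `// It returns an error if the current user cannot be determined.` As I understand the os/user fallback, builds without cgo can still fill `HomeDir` from the environment when the passwd lookup fails, so the release build configuration is worth confirming against the intent of this fix.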
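Review bot: In `startInProcess` (server/start.go) the new branch logs the `ExpandHome` failure only at debug level and returns the bare error, while the `os.Create` failure directly below returns without logging at all, so at default log levels a node that fails to start here reports just the raw `user.Current` error. Wrapping the error gives the operator the context in one place and makes the debug log unnecessary: `return fmt.Errorf("resolving CPU profile path %q: %w", cpuProfile, err)` (assuming `fmt` is imported in this file, which the hunk does not show). The function starts and ends outside the hunk.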