Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

improve validations for user provided file and directory paths

Browse Source
This commit is contained in:
Nicola Murino
2020-03-03 09:09:58 +01:00
parent d0a81cabab
commit 7f1946de34
13 changed files with 72 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
httpd/httpd.go
View File

@@ -15,6 +15,7 @@ import (
"github.com/drakkan/sftpgo/dataprovider"
"github.com/drakkan/sftpgo/logger"
"github.com/drakkan/sftpgo/utils"
"github.com/go-chi/chi"
)
@@ -90,6 +91,10 @@ func (c Conf) Initialize(configDir string) error {
backupsPath = getConfigPath(c.BackupsPath, configDir)
staticFilesPath := getConfigPath(c.StaticFilesPath, configDir)
templatesPath := getConfigPath(c.TemplatesPath, configDir)
if len(backupsPath) == 0 || len(staticFilesPath) == 0 || len(templatesPath) == 0 {
return fmt.Errorf("Required directory is invalid, backup path %#v, static file path: %#v template path: %#v",
backupsPath, staticFilesPath, templatesPath)
}
authUserFile := getConfigPath(c.AuthUserFile, configDir)
httpAuth, err = newBasicAuthProvider(authUserFile)
if err != nil {
@@ -129,7 +134,10 @@ func ReloadTLSCertificate() {
}
func getConfigPath(name, configDir string) string {
if len(name) > 0 && !filepath.IsAbs(name) && name != "." {
if !utils.IsFileInputValid(name) {
return ""
}
if len(name) > 0 && !filepath.IsAbs(name) {
return filepath.Join(configDir, name)
}
return name