Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 06:40:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

improve validations for user provided file and directory paths

Browse Source
This commit is contained in:
Nicola Murino
2020-03-03 09:09:58 +01:00
parent d0a81cabab
commit 7f1946de34
13 changed files with 72 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
logger/logger.go
View File

@@ -47,7 +47,7 @@ func GetLogger() *zerolog.Logger {
// InitLogger configures the logger using the given parameters
func InitLogger(logFilePath string, logMaxSize int, logMaxBackups int, logMaxAge int, logCompress bool, level zerolog.Level) {
zerolog.TimeFieldFormat = dateFormat
if len(logFilePath) > 0 && filepath.Clean(logFilePath) != "." {
if isLogFilePathValid(logFilePath) {
logger = zerolog.New(&lumberjack.Logger{
Filename: logFilePath,
MaxSize: logMaxSize,
@@ -183,3 +183,11 @@ func ConnectionFailedLog(user, ip, loginType, errorString string) {
Str("error", errorString).
Msg("")
}
func isLogFilePathValid(logFilePath string) bool {
cleanInput := filepath.Clean(logFilePath)
if cleanInput == "." || cleanInput == ".." {
return false
}
return true
}