mirror of
https://github.com/Mezeporta/Erupe.git
synced 2026-03-22 07:32:32 +01:00
06cb3afa57
Replace all fmt.Printf/Println and log.Printf/Fatal with structured zap.Logger calls to eliminate inconsistent logging (anti-pattern #12). - network/crypt_conn: inject logger via NewCryptConn, replace 6 fmt calls - signserver/session: use existing s.logger for debug packet dumps - entranceserver: use s.logger for inbound/outbound debug logging - api/utils: accept logger param in verifyPath, replace fmt.Println - api/endpoints: use s.logger for screenshot path diagnostics - config: replace log.Fatal with error return in getOutboundIP4 - deltacomp: replace log.Printf with zap.L() global logger
39 lines
830 B
Go
39 lines
830 B
Go
package api
|
|
|
|
import (
|
|
"errors"
|
|
"path/filepath"
|
|
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
func inTrustedRoot(path string, trustedRoot string) error {
|
|
for path != "/" {
|
|
path = filepath.Dir(path)
|
|
if path == trustedRoot {
|
|
return nil
|
|
}
|
|
}
|
|
return errors.New("path is outside of trusted root")
|
|
}
|
|
|
|
func verifyPath(path string, trustedRoot string, logger *zap.Logger) (string, error) {
|
|
|
|
c := filepath.Clean(path)
|
|
logger.Debug("Cleaned path", zap.String("path", c))
|
|
|
|
r, err := filepath.EvalSymlinks(c)
|
|
if err != nil {
|
|
logger.Warn("Path verification failed", zap.Error(err))
|
|
return c, errors.New("unsafe or invalid path specified")
|
|
}
|
|
|
|
err = inTrustedRoot(r, trustedRoot)
|
|
if err != nil {
|
|
logger.Warn("Path outside trusted root", zap.Error(err))
|
|
return r, errors.New("unsafe or invalid path specified")
|
|
} else {
|
|
return r, nil
|
|
}
|
|
}
|