mirror of
https://github.com/Mezeporta/Erupe.git
synced 2025-12-13 07:25:03 +01:00
38 lines
738 B
Go
38 lines
738 B
Go
package api
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"path/filepath"
|
|
)
|
|
|
|
func inTrustedRoot(path string, trustedRoot string) error {
|
|
for path != "/" {
|
|
path = filepath.Dir(path)
|
|
if path == trustedRoot {
|
|
return nil
|
|
}
|
|
}
|
|
return errors.New("path is outside of trusted root")
|
|
}
|
|
|
|
func verifyPath(path string, trustedRoot string) (string, error) {
|
|
|
|
c := filepath.Clean(path)
|
|
fmt.Println("Cleaned path: " + c)
|
|
|
|
r, err := filepath.EvalSymlinks(c)
|
|
if err != nil {
|
|
fmt.Println("Error " + err.Error())
|
|
return c, errors.New("Unsafe or invalid path specified")
|
|
}
|
|
|
|
err = inTrustedRoot(r, trustedRoot)
|
|
if err != nil {
|
|
fmt.Println("Error " + err.Error())
|
|
return r, errors.New("Unsafe or invalid path specified")
|
|
} else {
|
|
return r, nil
|
|
}
|
|
}
|