Sanitize path api params

- fix path traversal complaints reported by CodeQL
André Roth
2024-10-10 18:54:03 +02:00
parent ce2966e547
commit 57639c4adf
4 changed files with 30 additions and 15 deletions
+4 -4
@@ -343,8 +343,8 @@ func apiReposPackageFromDir(c *gin.Context) {
return
}
dirParam := c.Params.ByName("dir")
fileParam := c.Params.ByName("file")
dirParam := utils.PathSanitize(c.Params.ByName("dir"))
fileParam := utils.PathSanitize(c.Params.ByName("file"))
if fileParam != "" && !verifyPath(fileParam) {
AbortWithJSONError(c, 400, fmt.Errorf("wrong file"))
return
@@ -620,8 +620,8 @@ func apiReposIncludePackageFromDir(c *gin.Context) {
var sources []string
var taskName string
dirParam := c.Params.ByName("dir")
fileParam := c.Params.ByName("file")
dirParam := utils.PathSanitize(c.Params.ByName("dir"))
fileParam := utils.PathSanitize(c.Params.ByName("file"))
if fileParam != "" && !verifyPath(fileParam) {
AbortWithJSONError(c, 400, fmt.Errorf("wrong file"))
return
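Review bot: In apiReposPackageFromDir the `verifyPath(fileParam)` check now runs on the value PathSanitize has already rewritten. If PathSanitize strips traversal sequences (its body is not shown here), a request carrying one is no longer rejected with the 400 but silently mapped to a different path and processed. Rejecting on the raw value keeps the failure visible to the caller and in logs, e.g. `rawFile := c.Params.ByName("file")` followed by `if rawFile != "" && !verifyPath(rawFile) {`, with PathSanitize applied only afterwards as defence in depth. No check on `dirParam` is visible in either hunk, so it is worth confirming that the guard above the first hunk validates the same value that is later joined into the upload path. The same pattern applies in apiReposIncludePackageFromDir, and both function bodies extend outside the hunks.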