Sanitize path api params

- fix path traversal complains by CodeQL
2026-04-20 19:38:39 +00:00 · 2024-10-10 18:54:03 +02:00
parent ce2966e547
commit 57639c4adf
4 changed files with 30 additions and 15 deletions
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -4,6 +4,7 @@ package utils
 import (
 	"fmt"
 	"os"
+	"strings"

 	"golang.org/x/sys/unix"
 )
@@ -22,3 +23,10 @@ func DirIsAccessible(filename string) error {
 	}
 	return nil
 }
+
+// Remove leading '/', remove '..'
+func PathSanitize(path string) (result string) {
+	result = strings.Replace(path, "..", "", -1)
+	result = strings.TrimLeft(result, "/")
+	return
+}