authorUnknwon <u@gogs.io>2018-12-18 01:31:04 -0500
committerUnknwon <u@gogs.io>2018-12-18 01:31:04 -0500
commit86ada875296eb81ffd902f976eedee9ea0f19859 (patch)
treefb7e03f4bd27768cd5509fdc5a735813d49c4842 /pkg/tool/path.go
parentd74437af578718784c30819f160dc98e6f401a12 (diff)
models/repo_editor: sanitize user-defined file name to prevent RCE (#5558)
Reported by PentesterLab (https://pentesterlab.com).
Diffstat (limited to 'pkg/tool/path.go')
-rw-r--r--pkg/tool/path.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/pkg/tool/path.go b/pkg/tool/path.go
index e478abc5..3c0d2d02 100644
--- a/pkg/tool/path.go
+++ b/pkg/tool/path.go
@@ -4,9 +4,18 @@
package tool
+import (
+ "strings"
+)
+
// IsSameSiteURLPath returns true if the URL path belongs to the same site, false otherwise.
// False: //url, http://url, /\url
// True: /url
func IsSameSiteURLPath(url string) bool {
return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
}
+
+// SanitizePath sanitizes user-defined file paths to prevent remote code execution.
+func SanitizePath(path string) string {
+ return strings.TrimLeft(path, "./")
+}
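Review bot: `strings.TrimLeft(path, "./")` in SanitizePath only strips leading '.' and '/' characters, so a name such as `foo/../.git/hooks/pre-receive` passes through unchanged and, unless the caller normalizes it first (not visible in this hunk), still resolves into `.git/` — the very target the commit title says it is guarding. Cleaning the path before trimming closes that gap: anchoring at "/" makes `path.Clean` resolve every `..` segment, after which the existing TrimLeft removes the leading slash and any leading dot-directory. This needs `import "path"` in the new import block, and the parameter must be renamed (it currently shadows the package). The doc comment should also say what the function actually does rather than only its intent, e.g. `// SanitizePath strips leading "." and "/" characters from a user-defined file path so it cannot begin with an absolute path or a dot-directory such as ".git/".`
```go
// SanitizePath normalizes a user-defined file path so that it cannot start with
// "/" or a dot-directory such as ".git/", resolving ".." segments first so they
// cannot climb back into one. (Requires `import "path"`.)
func SanitizePath(p string) string {
	// Anchor at "/" so path.Clean collapses "." and ".." instead of leaving a leading "../".
	p = path.Clean("/" + p)
	return strings.TrimLeft(p, "./")
}
```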