fix(security): prevent path traversal and command injection (#102)

Co-authored-by: admin <admin@ardentleatherworks.com>
2026-01-24 16:32:41 +01:00 · 2025-12-21 12:21:31 -06:00 · 2025-12-21 12:21:31 -06:00 · 80912b7d43
commit 80912b7d43
parent 9d7b5b5298
2 changed files with 14 additions and 4 deletions
--- a/src/NzbDrone.Common/ServiceProvider.cs
+++ b/src/NzbDrone.Common/ServiceProvider.cs
@ -184,9 +184,9 @@ public void Start(string serviceName)

        public void Restart(string serviceName)
        {
-            var args = string.Format("/C net.exe stop \"{0}\" && net.exe start \"{0}\"", serviceName);
-
-            _processProvider.Start("cmd.exe", args);
+            _logger.Info("Restarting {0} Service...", serviceName);
+            Stop(serviceName);
+            Start(serviceName);
        }

        public void SetPermissions(string serviceName)
--- a/src/Radarr.Http/Frontend/Mappers/BackupFileMapper.cs
+++ b/src/Radarr.Http/Frontend/Mappers/BackupFileMapper.cs
@ -19,7 +19,17 @@ public override string Map(string resourceUrl)
        {
            var path = resourceUrl.Replace("/backup/", "").Replace('/', Path.DirectorySeparatorChar);

-            return Path.Combine(_backupService.GetBackupFolder(), path);
+            var basePath = Path.GetFullPath(_backupService.GetBackupFolder());
+            var filePath = Path.GetFullPath(Path.Combine(basePath, path));
+
+            // Prevent path traversal - ensure path stays within backup folder
+            if (!filePath.StartsWith(basePath + Path.DirectorySeparatorChar) &&
+                !filePath.Equals(basePath, System.StringComparison.Ordinal))
+            {
+                return null;
+            }
+
+            return filePath;
        }

        public override bool CanHandle(string resourceUrl)