Backup_Repos/gossa
1
0
Fork 0
mirror of https://github.com/pldubouilh/gossa synced 2026-01-03 06:02:21 +01:00
Code Issues Projects Releases Wiki Activity

fix hidden files

Browse source
This commit is contained in:
Pierre Dubouilh 2019-09-06 20:15:13 +02:00
parent e257d1145d
commit c9266d8849
No known key found for this signature in database
GPG key ID: 8FE8BEDA9D4DB0D7
5 changed files with 20 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -8,6 +8,7 @@ gossa-windows.exe
.vscode
test-fixture/*
test-fixture/*/*
!test-fixture/.testhidden
!test-fixture/compress
!test-fixture/compress/foo*
!test-fixture/gzip

2
Makefile
View file

@ -11,7 +11,7 @@ run:
run-extra:
make build
./gossa -verb=true -prefix="/fancy-path/" -symlinks=true test-fixture
./gossa -verb=true -prefix="/fancy-path/" -k=false -symlinks=true test-fixture
ci:
-@cd test-fixture && ln -s ../support .

6
src/gossa.go
View file

@ -175,11 +175,11 @@ func rpc(w http.ResponseWriter, r *http.Request) {
}
func checkPath(p string) string {
p = filepath.Join(initPath, strings.TrimPrefix(p, *extraPath))
fp, err := filepath.Abs(p)
joined := filepath.Join(initPath, strings.TrimPrefix(p, *extraPath))
fp, err := filepath.Abs(joined)
sl, _ := filepath.EvalSymlinks(fp)
if err != nil || !strings.HasPrefix(fp, initPath) || len(sl) > 0 && !*symlinks && !strings.HasPrefix(sl, initPath) {
if err != nil || !strings.HasPrefix(fp, initPath) || *skipHidden && strings.Contains(p, "/.") || !*symlinks && len(sl) > 0 && !strings.HasPrefix(sl, initPath) {
panic(errors.New("invalid path"))
}

19
src/gossa_test.go
View file

@ -84,7 +84,7 @@ func fetchAndTestDefault(t *testing.T, url string) string {
return bodyStr
}
func doTest(t *testing.T, url string, symlinkEnabled bool) {
func doTest(t *testing.T, url string, testExtra bool) {
payload := ""
path := ""
bodyStr := ""
@ -202,16 +202,16 @@ func doTest(t *testing.T, url string, symlinkEnabled bool) {
}
// ~~~~~~~~~~~~~~~~~
fmt.Println("\r\n~~~~~~~~~~ test symlink, should succeed: ", symlinkEnabled)
fmt.Println("\r\n~~~~~~~~~~ test symlink, should succeed: ", testExtra)
bodyStr = get(t, url+"/support/readme.md")
hasReadme := strings.Contains(bodyStr, `the master branch is automatically built and pushed`)
if !symlinkEnabled && hasReadme {
if !testExtra && hasReadme {
t.Fatal("error symlink reached where illegal")
} else if symlinkEnabled && !hasReadme {
} else if testExtra && !hasReadme {
t.Fatal("error symlink unreachable")
}
if symlinkEnabled {
if testExtra {
fmt.Println("\r\n~~~~~~~~~~ test symlink mkdir & cleanup")
bodyStr = postJSON(t, url+"rpc", `{"call":"mkdirp","args":["/support/testfolder"]}`)
if bodyStr != `ok` {
@ -224,6 +224,15 @@ func doTest(t *testing.T, url string, symlinkEnabled bool) {
}
}
fmt.Println("\r\n~~~~~~~~~~ test hidden file, should succeed: ", testExtra)
bodyStr = get(t, url+"/.testhidden")
hasHidden := strings.Contains(bodyStr, `test`)
if !testExtra && hasHidden {
t.Fatal("error hidden file reached where illegal")
} else if testExtra && !hasHidden {
t.Fatal("error hidden file unreachable")
}
//
fmt.Println("\r\n~~~~~~~~~~ test upload in new folder")
payload = "abcdef1234"

1
test-fixture/.testhidden Normal file
View file

@ -0,0 +1 @@
test