bartha.gabor/feedmee
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add security to local directory setup

Browse Source
This commit is contained in:
Tamas Gal
2025-10-17 00:10:08 +02:00
parent 975b72e89f
commit 1a84e44351
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/main.go
View File

@@ -39,7 +39,7 @@ func main() {
// Setup data directory // Setup data directory
dataDir, err := setupDataDir() dataDir, err := setupDataDir()
if err != nil { if err != nil {
slog.Error("Cannot set data directory: %s; %w", os.Getenv("DATA_DIR"), err) slog.Error("Cannot set data directory", "dir", os.Getenv("DATA_DIR"), "error", err)
os.Exit(1) os.Exit(1)
} }

4
backend/setup_data_dir.go
View File

@@ -14,6 +14,10 @@ func setupDataDir() (string, error) {
dataDir = filepath.Join(".", os.Getenv("DATA_DIR")) dataDir = filepath.Join(".", os.Getenv("DATA_DIR"))
} }
if !filepath.IsLocal(dataDir) {
return "", fmt.Errorf("directory '%s' is not valid or not local", dataDir)
}
if _, err := os.Stat(dataDir); os.IsNotExist(err) { if _, err := os.Stat(dataDir); os.IsNotExist(err) {
err := os.Mkdir(dataDir, 0o755) err := os.Mkdir(dataDir, 0o755)
if err != nil { if err != nil {