addressed comments, added file not found error
MrStashley committed Mar 18, 2024
1 parent ca0240c commit 2c572dd
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions wavesrv/cmd/main-server.go
Expand Up @@ -688,14 +688,17 @@ func CheckIsDir(dirHandler http.Handler, fileHandler http.Handler) http.Handler
}
configBaseDir := path.Join(scbase.GetWaveHomeDir(), "config")
configFullPath := path.Join(scbase.GetWaveHomeDir(), configAbsPath)
log.Printf("base dir: %v full path: %v", configBaseDir, configFullPath)
if !strings.HasPrefix(configFullPath, configBaseDir) {
w.WriteHeader(500)
w.Write([]byte(fmt.Sprintf("error: path is not in config folder")))
return
}
fstat, err := os.Stat(configFullPath)
if err != nil {
if errors.Is(err, fs.ErrNotExist) {
w.WriteHeader(404)
w.Write([]byte(fmt.Sprintf("file not found: ", configAbsPath)))

Check warning

Code scanning / CodeQL

Reflected cross-site scripting Medium

Cross-site scripting vulnerability due to user-provided value.
return
} else if err != nil {
w.WriteHeader(500)
w.Write([]byte(fmt.Sprintf("file stat err", err)))
return
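Review bot: The containment check `strings.HasPrefix(configFullPath, configBaseDir)` compares raw strings, so a path under a sibling directory whose name merely begins with `config` (a constructed example: `config-old/`) is still treated as inside the config folder. Because `path.Join` already cleans both values, anchoring the comparison on a separator closes the gap: `if configFullPath != configBaseDir && !strings.HasPrefix(configFullPath, configBaseDir+"/") {`. Separately, `fmt.Sprintf("file not found: ", configAbsPath)` and `fmt.Sprintf("file stat err", err)` each pass an argument with no format verb, so the response body will carry `%!(EXTRA ...)` noise and `go vet` will flag both calls; add a verb or return a fixed message. This rendering does not show whether the prefix check is new in this commit or unchanged context, and the body of `CheckIsDir` starts and continues outside the hunk.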