robogg133/packets
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug fixed

Browse Source
This commit is contained in:
roboogg133
2025-08-02 13:19:27 -03:00
parent afb27816df
commit 7a73528838
1 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/internal.go
View File

@@ -124,17 +124,15 @@ func DefaultConfigTOML() *ConfigTOML {
} }
func IsSafe(str string) bool { func IsSafe(str string) bool {
s, err := filepath.EvalSymlinks(strings.TrimSpace(filepath.Clean(str))) s, err := filepath.EvalSymlinks(filepath.Clean(str))
if err != nil { if err != nil {
return false s = filepath.Clean(str)
} }
var cfg ConfigTOML var cfg ConfigTOML
toml.DecodeFile(filepath.Join(PacketsPackageDir(), "config.toml"), &cfg) toml.DecodeFile(filepath.Join(PacketsPackageDir(), "config.toml"), &cfg)
fmt.Println("[DEBUG] verificando segurança de", s) if strings.HasPrefix(s, cfg.Config.DataDir) || strings.HasPrefix(s, cfg.Config.BinDir) {
fmt.Println("[DEBUG] dataDir =", cfg.Config.DataDir, "binDir =", cfg.Config.BinDir)
if strings.HasPrefix(s, strings.TrimSpace(cfg.Config.DataDir)) || strings.HasPrefix(s, strings.TrimSpace(cfg.Config.BinDir)) {
return true return true
} else if strings.Contains(s, ".ssh") { } else if strings.Contains(s, ".ssh") {
@@ -144,7 +142,7 @@ func IsSafe(str string) bool {
return false return false
} else if strings.HasPrefix(s, "/usr") || strings.HasPrefix(s, "/bin") { } else if strings.HasPrefix(s, "/usr") || strings.HasPrefix(s, "/bin") {
fmt.Println(s, "está dentro de usr")
return strings.HasPrefix(s, "/usr/share") return strings.HasPrefix(s, "/usr/share")
} else if strings.HasPrefix(s, "/var/mail") { } else if strings.HasPrefix(s, "/var/mail") {