
Commit be40b8c

authored
chore: set more explicit guards for serving bin files (coder#19597)
1 parent 0f1fc88 commit be40b8c


1 file changed

+10
-0
lines changed


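--- a/site/site.go
+++ b/site/site.go
@@ -1018,6 +1018,16 @@ func newBinMetadataCache(binFS http.FileSystem, binSha1Hashes map[string]string)
 }
 
 func (b *binMetadataCache) getMetadata(name string) (binMetadata, error) {
+// Reject any invalid or non-basename paths before touching the filesystem.
+if name == "" ||
+name == "." ||
+strings.Contains(name, "/") ||
+strings.Contains(name, "\\") ||
+!fs.ValidPath(name) ||
+path.Base(name) != name {
+return binMetadata{}, os.ErrNotExist
+}
+
 b.mut.RLock()
 metadata, ok := b.metadata[name]
 b.mut.RUnlock()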
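Review bot: The new guard at the top of getMetadata has overlapping clauses, and its comment does not say which clause covers which input. Once the `/` check has passed, `path.Base(name) != name` cannot fire for any non-empty name, while `..` is rejected only through `fs.ValidPath` and `.` needs its own clause because `fs.ValidPath(".")` returns true. A comment such as `// ".." is rejected by fs.ValidPath; "." is checked explicitly because ValidPath accepts it; path.Base is a belt-and-braces check` would keep a later cleanup from dropping the wrong clause. The page shows only site/site.go changed, so a table-driven test over `""`, `"."`, `".."`, `"a/b"`, `"a\\b"` and one valid binary name would pin the rejection behaviour and the `os.ErrNotExist` result. getMetadata's body continues outside the hunk.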
