TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Fix security scans by cleaning up file path (#5185)

Browse source 
While performing security scans there were several
issue raised as G304 (CWE-22): Potential file inclusion via variable.
As some files path are taken from user input, it is possible the
filepath passed by user may have unintended effect if not properly formed.
This fix add Clean to remove the security warning and address some
potential issue.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit is contained in:
Yong Tang 2022-02-14 08:24:21 -08:00 committed by GitHub
parent b40f2a0a44
commit c6709d930f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 14 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugin/file/setup.go
View file

@ -88,7 +88,7 @@ func fileParse(c *caddy.Controller) (Zones, error) {
fileName = filepath.Join(config.Root, fileName)
}
reader, err := os.Open(fileName)
reader, err := os.Open(filepath.Clean(fileName))
if err != nil {
openErr = err
}