Diffstat (limited to 'internal')
| -rw-r--r-- | internal/ctlsock/sanitize.go | 12 | ||||
| -rw-r--r-- | internal/ctlsock/sanitize_test.go | 1 | 
2 files changed, 8 insertions, 5 deletions
| diff --git a/internal/ctlsock/sanitize.go b/internal/ctlsock/sanitize.go
index 22a8a1c..7cf77a5 100644
--- a/internal/ctlsock/sanitize.go
+++ b/internal/ctlsock/sanitize.go
@@ -6,23 +6,25 @@ import (
 )
 // SanitizePath adapts filepath.Clean for FUSE paths.
-// 1) A leading slash is dropped
+// 1) Leading slash(es) are dropped
 // 2) It returns "" instead of "."
 // 3) If the cleaned path points above CWD (start with ".."), an empty string
 //    is returned
 // See the TestSanitizePath testcases for examples.
 func SanitizePath(path string) string {
+	// (1)
+	for len(path) > 0 && path[0] == '/' {
+		path = path[1:]
+	}
 	if len(path) == 0 {
 		return ""
 	}
-	// Drop leading slash
-	if path[0] == '/' {
-		path = path[1:]
-	}
 	clean := filepath.Clean(path)
+	// (2)
 	if clean == "." {
 		return ""
 	}
+	// (3)
 	if clean == ".." || strings.HasPrefix(clean, "../") {
 		return ""
 	}
diff --git a/internal/ctlsock/sanitize_test.go b/internal/ctlsock/sanitize_test.go
index bfdf0a7..d79fa7c 100644
--- a/internal/ctlsock/sanitize_test.go
+++ b/internal/ctlsock/sanitize_test.go
@@ -19,6 +19,7 @@ func TestSanitizePath(t *testing.T) {
 		{"foo/../..", ""},
 		{"foo/../../aaaaaa", ""},
 		{"/foo/../../aaaaaa", ""},
+		{"/////", ""},
 	}
 	for _, tc := range testCases {
 		res := SanitizePath(tc[0]) |
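Review bot: The doc comment above SanitizePath should say that its three rules are lexical only: filepath.Clean does not resolve symlinks, so a path that passes rule (3) is not by itself proof that the target stays inside the tree. Whether callers of this control-socket helper rely on it for containment is not visible in the hunk, so I would add a line such as `// The check is purely lexical; symlinks are not resolved.` to the comment block. As a point of style, the new loop can be written as `path = strings.TrimLeft(path, "/")`, since strings is already used a few lines below. The function body continues past the end of the hunk.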
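Review bot: The added `{"/////", ""}` case pins only the all-slashes input; nothing in the visible part of the table checks several leading slashes followed by a name or by a `..` component, which is the other input the new loop treats differently. I would add constructed cases such as `{"//foo", "foo"}` and `{"//../foo", ""}` next to it; the first expected value assumes the function returns the cleaned path, which happens outside the visible hunks. The table and the test loop both start and end outside this hunk, so equivalent cases may already exist above.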
