summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@helsinki.at>2015-12-17 23:52:49 (GMT)
committerChristian Pointner <equinox@helsinki.at>2015-12-17 23:52:49 (GMT)
commit06dbfacd0b4f77587d08c566fa8166e54ff9d426 (patch)
treef9398a98c804561713ca76737d93c506a80959c1
parentd33cf1f6738a3c3771247dd29e764c296b806f4c (diff)
local:// sanitzes path now
-rw-r--r--src/helsinki.at/rhimport/conf.go4
-rw-r--r--src/helsinki.at/rhimport/fetcher.go17
-rw-r--r--src/helsinki.at/rhimportd/main.go3
3 files changed, 13 insertions, 11 deletions
diff --git a/src/helsinki.at/rhimport/conf.go b/src/helsinki.at/rhimport/conf.go
index 2386ba9..5f22782 100644
--- a/src/helsinki.at/rhimport/conf.go
+++ b/src/helsinki.at/rhimport/conf.go
@@ -43,6 +43,7 @@ type Config struct {
db_user string
db_passwd string
db_db string
+ LocalFetchDir string
ImportParamDefaults
}
@@ -67,7 +68,7 @@ func (self *Config) read_config_file() error {
return nil
}
-func NewConfig(configfile, rdxport_endpoint, temp_dir *string) (conf *Config, err error) {
+func NewConfig(configfile, rdxport_endpoint, temp_dir, local_fetch_dir *string) (conf *Config, err error) {
conf = new(Config)
conf.configfile = *configfile
if err = conf.read_config_file(); err != nil {
@@ -75,6 +76,7 @@ func NewConfig(configfile, rdxport_endpoint, temp_dir *string) (conf *Config, er
}
conf.RDXportEndpoint = *rdxport_endpoint
conf.TempDir = *temp_dir
+ conf.LocalFetchDir = *local_fetch_dir
conf.ImportParamDefaults.Channels = 2
conf.ImportParamDefaults.NormalizationLevel = -12
conf.ImportParamDefaults.AutotrimLevel = 0
diff --git a/src/helsinki.at/rhimport/fetcher.go b/src/helsinki.at/rhimport/fetcher.go
index 38e1d7f..fed51bf 100644
--- a/src/helsinki.at/rhimport/fetcher.go
+++ b/src/helsinki.at/rhimport/fetcher.go
@@ -32,6 +32,7 @@ import (
"net/url"
"os"
"path"
+ "path/filepath"
"strings"
)
@@ -129,19 +130,18 @@ func FetchFileCurl(ctx *ImportContext, uri *url.URL) (err error) {
return
}
-// TODO: check path to import from -> don't touch problematic files like /etc/shadow...
-// the daemon shouldn't be running as a user who can do any harm anyway
-// still: let's make a special configurable directory the local:/// dir
-// and only allow absolute paths here which will be based on the
-// 'local' directory
-// TODO: also check if file exists and is accessable!!! otherwise curl will blow up
-// with a not-easy-to-understand error
func FetchFileLocal(ctx *ImportContext, uri *url.URL) (err error) {
rhl.Printf("Local fetcher called for '%s'", ctx.SourceUri)
if ctx.ProgressCallBack != nil {
ctx.ProgressCallBack(1, "fetching", 1.0, ctx.ProgressCallBackData)
}
- ctx.SourceFile = uri.Path
+
+ ctx.SourceFile = filepath.Join(ctx.Config.LocalFetchDir, path.Clean("/"+uri.Path))
+ var src *os.File
+ if src, err = os.Open(ctx.SourceFile); err != nil {
+ return
+ }
+ defer src.Close()
ctx.DeleteSourceFile = false
ctx.DeleteSourceDir = false
return
@@ -182,7 +182,6 @@ func fetcher_init() {
}
}
-// TODO: make sure a (partially) fetched file get's deleted on error
func FetchFile(ctx *ImportContext) (err error) {
var uri *url.URL
diff --git a/src/helsinki.at/rhimportd/main.go b/src/helsinki.at/rhimportd/main.go
index 1b9e5e0..32b81d7 100644
--- a/src/helsinki.at/rhimportd/main.go
+++ b/src/helsinki.at/rhimportd/main.go
@@ -46,6 +46,7 @@ func main() {
rdconf_s := flag.String("rdconf", "/etc/rd.conf", "path to the Rivendell config file")
rdxport_url_s := flag.String("rdxport-url", "http://localhost/rd-bin/rdxport.cgi", "the url to the Rivendell web-api")
temp_dir_s := flag.String("tmp-dir", os.TempDir(), "path to temporary files")
+ local_fetch_dir_s := flag.String("local-fetch-dir", os.TempDir(), "path to files that can be imported using local://")
help := flag.Bool("help", false, "show usage")
flag.Parse()
@@ -54,7 +55,7 @@ func main() {
return
}
- conf, err := rhimport.NewConfig(rdconf_s, rdxport_url_s, temp_dir_s)
+ conf, err := rhimport.NewConfig(rdconf_s, rdxport_url_s, temp_dir_s, local_fetch_dir_s)
if err != nil {
rhl.Println("Error reading configuration:", err)
return