summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@helsinki.at>2015-12-17 23:52:49 (GMT)
committerChristian Pointner <equinox@helsinki.at>2015-12-17 23:52:49 (GMT)
commitd045588f048cfdb6bcdd36dcd1cdbe38318fd39a (patch)
tree00cec23adfaabe488b3bbd006b9a667951f0f882
parentc3d7a6f2ea59e75a5e2c3939eea6a5248d9f779a (diff)
local:// sanitzes path now
-rw-r--r--conf.go4
-rw-r--r--fetcher.go17
2 files changed, 11 insertions, 10 deletions
diff --git a/conf.go b/conf.go
index 2386ba9..5f22782 100644
--- a/conf.go
+++ b/conf.go
@@ -43,6 +43,7 @@ type Config struct {
db_user string
db_passwd string
db_db string
+ LocalFetchDir string
ImportParamDefaults
}
@@ -67,7 +68,7 @@ func (self *Config) read_config_file() error {
return nil
}
-func NewConfig(configfile, rdxport_endpoint, temp_dir *string) (conf *Config, err error) {
+func NewConfig(configfile, rdxport_endpoint, temp_dir, local_fetch_dir *string) (conf *Config, err error) {
conf = new(Config)
conf.configfile = *configfile
if err = conf.read_config_file(); err != nil {
@@ -75,6 +76,7 @@ func NewConfig(configfile, rdxport_endpoint, temp_dir *string) (conf *Config, er
}
conf.RDXportEndpoint = *rdxport_endpoint
conf.TempDir = *temp_dir
+ conf.LocalFetchDir = *local_fetch_dir
conf.ImportParamDefaults.Channels = 2
conf.ImportParamDefaults.NormalizationLevel = -12
conf.ImportParamDefaults.AutotrimLevel = 0
diff --git a/fetcher.go b/fetcher.go
index 38e1d7f..fed51bf 100644
--- a/fetcher.go
+++ b/fetcher.go
@@ -32,6 +32,7 @@ import (
"net/url"
"os"
"path"
+ "path/filepath"
"strings"
)
@@ -129,19 +130,18 @@ func FetchFileCurl(ctx *ImportContext, uri *url.URL) (err error) {
return
}
-// TODO: check path to import from -> don't touch problematic files like /etc/shadow...
-// the daemon shouldn't be running as a user who can do any harm anyway
-// still: let's make a special configurable directory the local:/// dir
-// and only allow absolute paths here which will be based on the
-// 'local' directory
-// TODO: also check if file exists and is accessable!!! otherwise curl will blow up
-// with a not-easy-to-understand error
func FetchFileLocal(ctx *ImportContext, uri *url.URL) (err error) {
rhl.Printf("Local fetcher called for '%s'", ctx.SourceUri)
if ctx.ProgressCallBack != nil {
ctx.ProgressCallBack(1, "fetching", 1.0, ctx.ProgressCallBackData)
}
- ctx.SourceFile = uri.Path
+
+ ctx.SourceFile = filepath.Join(ctx.Config.LocalFetchDir, path.Clean("/"+uri.Path))
+ var src *os.File
+ if src, err = os.Open(ctx.SourceFile); err != nil {
+ return
+ }
+ defer src.Close()
ctx.DeleteSourceFile = false
ctx.DeleteSourceDir = false
return
@@ -182,7 +182,6 @@ func fetcher_init() {
}
}
-// TODO: make sure a (partially) fetched file get's deleted on error
func FetchFile(ctx *ImportContext) (err error) {
var uri *url.URL