diff options
author | Christian Pointner <equinox@helsinki.at> | 2015-12-17 23:52:49 (GMT) |
---|---|---|
committer | Christian Pointner <equinox@helsinki.at> | 2015-12-17 23:52:49 (GMT) |
commit | d045588f048cfdb6bcdd36dcd1cdbe38318fd39a (patch) | |
tree | 00cec23adfaabe488b3bbd006b9a667951f0f882 | |
parent | c3d7a6f2ea59e75a5e2c3939eea6a5248d9f779a (diff) |
local:// sanitzes path now
-rw-r--r-- | conf.go | 4 | ||||
-rw-r--r-- | fetcher.go | 17 |
2 files changed, 11 insertions, 10 deletions
@@ -43,6 +43,7 @@ type Config struct { db_user string db_passwd string db_db string + LocalFetchDir string ImportParamDefaults } @@ -67,7 +68,7 @@ func (self *Config) read_config_file() error { return nil } -func NewConfig(configfile, rdxport_endpoint, temp_dir *string) (conf *Config, err error) { +func NewConfig(configfile, rdxport_endpoint, temp_dir, local_fetch_dir *string) (conf *Config, err error) { conf = new(Config) conf.configfile = *configfile if err = conf.read_config_file(); err != nil { @@ -75,6 +76,7 @@ func NewConfig(configfile, rdxport_endpoint, temp_dir *string) (conf *Config, er } conf.RDXportEndpoint = *rdxport_endpoint conf.TempDir = *temp_dir + conf.LocalFetchDir = *local_fetch_dir conf.ImportParamDefaults.Channels = 2 conf.ImportParamDefaults.NormalizationLevel = -12 conf.ImportParamDefaults.AutotrimLevel = 0 @@ -32,6 +32,7 @@ import ( "net/url" "os" "path" + "path/filepath" "strings" ) @@ -129,19 +130,18 @@ func FetchFileCurl(ctx *ImportContext, uri *url.URL) (err error) { return } -// TODO: check path to import from -> don't touch problematic files like /etc/shadow... -// the daemon shouldn't be running as a user who can do any harm anyway -// still: let's make a special configurable directory the local:/// dir -// and only allow absolute paths here which will be based on the -// 'local' directory -// TODO: also check if file exists and is accessable!!! otherwise curl will blow up -// with a not-easy-to-understand error func FetchFileLocal(ctx *ImportContext, uri *url.URL) (err error) { rhl.Printf("Local fetcher called for '%s'", ctx.SourceUri) if ctx.ProgressCallBack != nil { ctx.ProgressCallBack(1, "fetching", 1.0, ctx.ProgressCallBackData) } - ctx.SourceFile = uri.Path + + ctx.SourceFile = filepath.Join(ctx.Config.LocalFetchDir, path.Clean("/"+uri.Path)) + var src *os.File + if src, err = os.Open(ctx.SourceFile); err != nil { + return + } + defer src.Close() ctx.DeleteSourceFile = false ctx.DeleteSourceDir = false return @@ -182,7 +182,6 @@ func fetcher_init() { } } -// TODO: make sure a (partially) fetched file get's deleted on error func FetchFile(ctx *ImportContext) (err error) { var uri *url.URL |