f/twins-upstream
1
0
Fork 0
mirror of https://code.rocketnine.space/tslocum/twins.git synced 2024-11-27 13:28:15 +01:00
Code Issues Projects Releases Wiki Activity

Do not follow symbolic links by default

Browse source 
Resolves #4.
This commit is contained in:
Trevor Slocum 2020-11-10 09:59:35 -08:00
parent 51fd59b24f
commit 4f4e2a8cbe
3 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CONFIGURATION.md
View file

@ -102,6 +102,10 @@ Cache duration (in seconds). Set to `0` to disable caching entirely. This is an
out-of-spec feature. See [PROPOSALS.md](https://gitlab.com/tslocum/twins/blob/master/PROPOSALS.md) out-of-spec feature. See [PROPOSALS.md](https://gitlab.com/tslocum/twins/blob/master/PROPOSALS.md)
for more information. for more information.
##### SymLinks
When enabled, symbolic links may be accessed. This attribute is disabled by default.
##### HiddenFiles ##### HiddenFiles
When enabled, hidden files and directories may be accessed. This attribute is When enabled, hidden files and directories may be accessed. This attribute is

3
config.go
View file

@ -31,6 +31,9 @@ type pathConfig struct {
// Request sensitive input // Request sensitive input
SensitiveInput string SensitiveInput string
// Follow symbolic links
SymLinks bool
// Serve hidden files and directories // Serve hidden files and directories
HiddenFiles bool HiddenFiles bool

11
server.go
View file

@ -154,6 +154,17 @@ func servePath(c *tls.Conn, request *url.URL, serve *pathConfig) {
if root[len(root)-1] != '/' { if root[len(root)-1] != '/' {
root += "/" root += "/"
} }
if !serve.SymLinks {
for i := range requestSplit[pathSlashes:] {
info, err := os.Lstat(path.Join(root, strings.Join(requestSplit[pathSlashes:pathSlashes+i+1], "/")))
if err != nil || info.Mode()&os.ModeSymlink == os.ModeSymlink {
writeStatus(c, statusTemporaryFailure)
return
}
}
}
filePath = path.Join(root, resolvedPath) filePath = path.Join(root, resolvedPath)
} }