You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 lines
454 B
23 lines
454 B
2 years ago
|
package utils
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"path/filepath"
|
||
|
)
|
||
|
|
||
|
func inTrustedRoot(path string, trustedRoot string) error {
|
||
|
for path != "/" {
|
||
|
path = filepath.Dir(path)
|
||
|
if path == trustedRoot {
|
||
|
return nil
|
||
|
}
|
||
|
}
|
||
|
return fmt.Errorf("path is outside of trusted root")
|
||
|
}
|
||
|
|
||
|
// VerifyPath verifies that path is based in basePath.
|
||
|
func VerifyPath(path, basePath string) error {
|
||
|
c := filepath.Clean(filepath.Join(basePath, path))
|
||
|
return inTrustedRoot(c, basePath)
|
||
|
}
|