Commit 7ce25db

fix: secure join path
1 parent 7c42b38 commit 7ce25db

3 files changed

+9
-2
lines changed

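--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ require (
 github.com/Rican7/lieut v0.1.1
 github.com/a-h/templ v0.2.334
 github.com/containrrr/shoutrrr v0.8.0
+github.com/cyphar/filepath-securejoin v0.2.4
 github.com/dustin/go-humanize v1.0.1
 github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead
 github.com/emersion/go-smtp v0.18.1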

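--- a/go.sum
+++ b/go.sum
@@ -16,6 +16,8 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
+github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=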

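--- a/internal/endpoint/schema.go
+++ b/internal/endpoint/schema.go
@@ -2,11 +2,11 @@ package endpoint
 
 import (
 "fmt"
-"path"
 
 "github.com/ItsNotGoodName/smtpbridge/internal/models"
 "github.com/ItsNotGoodName/smtpbridge/internal/senders"
 "github.com/containrrr/shoutrrr"
+securejoin "github.com/cyphar/filepath-securejoin"
 )
 
 var Schema models.EndpointSchema = models.EndpointSchema{
@@ -100,7 +100,11 @@ func (s Factory) build(kind string, config models.EndpointConfig) (Sender, error
 case "apprise":
 return senders.NewApprise(s.pythonExecutable, s.appriseScriptPath, config.StrSlice("urls")), nil
 case "script":
-scriptPath := path.Join(s.scriptDirectory, config.Str("file"))
+scriptPath, err := securejoin.SecureJoin(s.scriptDirectory, config.Str("file"))
+if err != nil {
+return nil, err
+}
+
 return senders.NewScript(scriptPath), nil
 default:
 return nil, errInvalidSenderKind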
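Review bot: In the `case "script":` branch, `securejoin.SecureJoin` confines the result to `s.scriptDirectory` but does not reject a bad `file` value: `..` segments and absolute paths are resolved as if the directory were the filesystem root, so the new `err` check will not fire for them and the sender is built for some other path inside the directory, and an empty `file` appears to resolve to the directory itself. If such configurations should be refused rather than silently remapped, validate before the join, e.g. `if f := config.Str("file"); !filepath.IsLocal(f) { return nil, fmt.Errorf("script file %q must be a relative path inside the script directory", f) }` (needs `path/filepath` and Go 1.20 or later). The library documents that its guarantee holds only while the returned path's components are not replaced after the call, so the script directory should not be writable by anyone who must not choose what gets run; this assumes `NewScript` runs the path later, which is not visible here. Wrapping the returned error, `return nil, fmt.Errorf("resolving script path: %w", err)`, would tell the operator which setting failed. The body of `build` starts and ends outside the hunk.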
