Validate paths for static file server

2025-11-06 16:04:23 +00:00 · 2024-09-30 19:31:20 +02:00
parent 58fe6355bc
commit ab27b36aad
2 changed files with 22 additions and 12 deletions
--- a/backend/internal/filesystem/filesystem.go
+++ b/backend/internal/filesystem/filesystem.go
@@ -2,6 +2,7 @@ package filesystem

 import (
 	"errors"
+	"fmt"
 	"novamd/internal/gitutils"
 	"novamd/internal/models"
 	"os"
@@ -47,27 +48,30 @@ func (fs *FileSystem) InitializeGitRepo() error {
 	return fs.GitRepo.EnsureRepo()
 }

-// validatePath checks if the given path is within the root directory
-func (fs *FileSystem) validatePath(path string) (string, error) {
-	fullPath := filepath.Join(fs.RootDir, path)
+func ValidatePath(rootDir, path string) (string, error) {
+	fullPath := filepath.Join(rootDir, path)
 	cleanPath := filepath.Clean(fullPath)

-	if !strings.HasPrefix(cleanPath, fs.RootDir) {
-		return "", errors.New("invalid path: outside of root directory")
+	if !strings.HasPrefix(cleanPath, filepath.Clean(rootDir)) {
+		return "", fmt.Errorf("invalid path: outside of root directory")
 	}

-	relPath, err := filepath.Rel(fs.RootDir, cleanPath)
+	relPath, err := filepath.Rel(rootDir, cleanPath)
 	if err != nil {
 		return "", err
 	}

 	if strings.HasPrefix(relPath, "..") {
-		return "", errors.New("invalid path: outside of root directory")
+		return "", fmt.Errorf("invalid path: outside of root directory")
 	}

 	return cleanPath, nil
 }

+func (fs *FileSystem) validatePath(path string) (string, error) {
+	return ValidatePath(fs.RootDir, path)
+}
+
 func (fs *FileSystem) ListFilesRecursively() ([]FileNode, error) {
 	return fs.walkDirectory(fs.RootDir)
 }