d3m0k1d/BanForge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

fix(security): fix gosec G204 warnings
All checks were successful
CI.yml / build (push) Successful in 55s
Details

Browse Source 
- Use separate arguments instead of string concat in firewall-cmd
- Add validateConfigPath() for iptables config path validation
- Blocks path traversal and restricts to trusted directories

Fixes G204 warnings.
This commit is contained in:
d3m0k1d
2026-01-11 22:41:27 +03:00
parent 41ff13fa66
commit 7c0bdc2dfa
3 changed files with 60 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/blocker/firewalld.go
View File

@@ -1,8 +1,9 @@
package blocker
import (
"github.com/d3m0k1d/BanForge/internal/logger"
"os/exec"
"github.com/d3m0k1d/BanForge/internal/logger"
)
type Firewalld struct {
@@ -20,7 +21,7 @@ func (f *Firewalld) Ban(ip string) error {
if err != nil {
return err
}
cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--add-source="+ip, "--permanent")
cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--add-source", ip, "--permanent")
output, err := cmd.CombinedOutput()
if err != nil {
f.logger.Error(err.Error())
@@ -41,7 +42,7 @@ func (f *Firewalld) Unban(ip string) error {
if err != nil {
return err
}
cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--remove-source="+ip, "--permanent")
cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
output, err := cmd.CombinedOutput()
if err != nil {
f.logger.Error(err.Error())