d3m0k1d/BanForge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

Update path validator
All checks were successful
CI.yml / build (push) Successful in 56s
Details

Browse Source
This commit is contained in:
d3m0k1d
2026-01-12 15:56:28 +03:00
parent 7c0bdc2dfa
commit 871965f437
1 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
internal/blocker/validators.go
View File

@@ -1,8 +1,11 @@
package blocker package blocker
import ( import (
"errors"
"fmt" "fmt"
"net" "net"
"path/filepath"
"strings"
) )
func validateIP(ip string) error { func validateIP(ip string) error {
@@ -17,10 +20,20 @@ func validateIP(ip string) error {
return nil return nil
} }
func validateConfigPath(path string) error { func validateConfigPath(pathIn string) error {
if path == "" { if pathIn == "" {
return fmt.Errorf("empty path") return errors.New("config path cannot be empty")
} }
cleanPath := filepath.Clean(pathIn)
if !filepath.IsAbs(cleanPath) {
return fmt.Errorf("config path must be absolute, got: %s", cleanPath)
}
if strings.Contains(cleanPath, "..") {
return fmt.Errorf("config path contains path traversal: %s", cleanPath)
}
return nil return nil
// TODO: add more valodation
} }