technofab/zfs-localpv
1
0
Fork 0
mirror of https://github.com/TECHNOFAB11/zfs-localpv.git synced 2025-12-11 22:10:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(filepath): fixes of potential file inclusion via variable (#322)

Browse source 
Signed-off-by: nisarg1499 <nisshah1499@gmail.com>
This commit is contained in:
Nisarg Shah 2021-05-04 20:46:16 +05:30 committed by GitHub
parent a8376796b7
commit 0ebab22224
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pkg/version/version.go
View file

@ -62,7 +62,7 @@ func Get() string {
}
path := filepath.Join(os.Getenv("GOPATH") + versionFile)
vBytes, err := ioutil.ReadFile(path)
vBytes, err := ioutil.ReadFile(filepath.Clean(path))
if err != nil {
klog.Errorf("failed to get version: %s", err.Error())
return ""
@ -81,7 +81,7 @@ func GetBuildMeta() string {
}
path := filepath.Join(os.Getenv("GOPATH") + buildMetaFile)
vBytes, err := ioutil.ReadFile(path)
vBytes, err := ioutil.ReadFile(filepath.Clean(path))
if err != nil {
klog.Errorf("failed to get build version: %s", err.Error())
return ""

3
pkg/zfs/mount.go
View file

@ -19,6 +19,7 @@ import (
"fmt"
"os"
"os/exec"
"path/filepath"
mnt "github.com/openebs/lib-csi/pkg/mount"
apis "github.com/openebs/zfs-localpv/pkg/apis/openebs.io/zfs/v1"
@ -297,7 +298,7 @@ func MountBlock(vol *apis.ZFSVolume, mountinfo *MountInfo) error {
}
func makeFile(pathname string) error {
f, err := os.OpenFile(pathname, os.O_CREATE, os.FileMode(0644))
f, err := os.OpenFile(filepath.Clean(pathname), os.O_CREATE, os.FileMode(0644))
defer f.Close()
if err != nil {
if !os.IsExist(err) {