From 0ebab2222478bf35511edfc30f2ac0b98d64175d Mon Sep 17 00:00:00 2001
From: Nisarg Shah
Date: Tue, 4 May 2021 20:46:16 +0530
Subject: [PATCH] fix(filepath): fixes of potential file inclusion via variable (#322)
Signed-off-by: nisarg1499
---
 pkg/version/version.go | 4 ++--
 pkg/zfs/mount.go | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/pkg/version/version.go b/pkg/version/version.go
index f22cf95..c6cd4e8 100644
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -62,7 +62,7 @@ func Get() string {
 }
 path := filepath.Join(os.Getenv("GOPATH") + versionFile)
- vBytes, err := ioutil.ReadFile(path)
+ vBytes, err := ioutil.ReadFile(filepath.Clean(path))
 if err != nil {
 klog.Errorf("failed to get version: %s", err.Error())
 return ""
@@ -81,7 +81,7 @@ func GetBuildMeta() string {
 }
 path := filepath.Join(os.Getenv("GOPATH") + buildMetaFile)
- vBytes, err := ioutil.ReadFile(path)
+ vBytes, err := ioutil.ReadFile(filepath.Clean(path))
 if err != nil {
 klog.Errorf("failed to get build version: %s", err.Error())
 return ""
diff --git a/pkg/zfs/mount.go b/pkg/zfs/mount.go
index 9aee842..9776b97 100644
--- a/pkg/zfs/mount.go
+++ b/pkg/zfs/mount.go
@@ -19,6 +19,7 @@ import (
 "fmt"
 "os"
 "os/exec"
+ "path/filepath"
 mnt "github.com/openebs/lib-csi/pkg/mount"
 apis "github.com/openebs/zfs-localpv/pkg/apis/openebs.io/zfs/v1"
@@ -297,7 +298,7 @@ func MountBlock(vol *apis.ZFSVolume, mountinfo *MountInfo) error {
 }
 func makeFile(pathname string) error {
- f, err := os.OpenFile(pathname, os.O_CREATE, os.FileMode(0644))
+ f, err := os.OpenFile(filepath.Clean(pathname), os.O_CREATE, os.FileMode(0644))
 defer f.Close()
 if err != nil {
 if !os.IsExist(err) {
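Review bot: `filepath.Clean(path)` in `Get` adds no constraint on what is read, because `path` is the result of `filepath.Join`, which already returns a cleaned path; the target is still whatever `GOPATH` concatenated with `versionFile` resolves to. The same holds for the `GetBuildMeta` hunk, and in `makeFile` Clean only normalises `pathname` without confining it to any directory. If the aim is to address the file-inclusion finding rather than quiet the scanner, verify that the resolved path stays under an expected base directory before the read, or, if the environment is trusted, say so next to the call with a comment such as `// path is built from the deploy-time GOPATH, never from request input`. Both function bodies continue outside their hunks.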
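Review bot: In `makeFile`, `defer f.Close()` is registered before `err` is checked, so on a failed open it runs against a nil `*os.File`; move the defer below the `if err != nil` block. The flags on the changed line are `os.O_CREATE` without `os.O_EXCL`, so opening an existing path would not normally return an already-exists error and the visible `os.IsExist(err)` test looks unreachable, while a symlink already present at `pathname` would be followed. If the intent is "create only if absent, tolerate existing", consider `os.OpenFile(filepath.Clean(pathname), os.O_CREATE|os.O_EXCL, os.FileMode(0644))`, which makes the IsExist branch meaningful. The rest of the function lies outside the hunk, so confirm how the error path ends before changing it.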