fix(filepath): fixes of potential file inclusion via variable (#322)

Signed-off-by: nisarg1499 <nisshah1499@gmail.com>
2025-12-12 06:20:11 +01:00 · 2021-05-04 20:46:16 +05:30 · 2021-05-04 20:46:16 +05:30 · 0ebab22224
commit 0ebab22224
parent a8376796b7
2 changed files with 4 additions and 3 deletions
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@ -62,7 +62,7 @@ func Get() string {
 	}
 	path := filepath.Join(os.Getenv("GOPATH") + versionFile)
-	vBytes, err := ioutil.ReadFile(path)
+	vBytes, err := ioutil.ReadFile(filepath.Clean(path))
 	if err != nil {
 		klog.Errorf("failed to get version: %s", err.Error())
 		return ""
@ -81,7 +81,7 @@ func GetBuildMeta() string {
 	}
 	path := filepath.Join(os.Getenv("GOPATH") + buildMetaFile)
-	vBytes, err := ioutil.ReadFile(path)
+	vBytes, err := ioutil.ReadFile(filepath.Clean(path))
 	if err != nil {
 		klog.Errorf("failed to get build version: %s", err.Error())
 		return ""
--- a/pkg/zfs/mount.go
+++ b/pkg/zfs/mount.go
@ -19,6 +19,7 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
 	mnt "github.com/openebs/lib-csi/pkg/mount"
 	apis "github.com/openebs/zfs-localpv/pkg/apis/openebs.io/zfs/v1"
@ -297,7 +298,7 @@ func MountBlock(vol *apis.ZFSVolume, mountinfo *MountInfo) error {
 }
 func makeFile(pathname string) error {
-	f, err := os.OpenFile(pathname, os.O_CREATE, os.FileMode(0644))
+	f, err := os.OpenFile(filepath.Clean(pathname), os.O_CREATE, os.FileMode(0644))
 	defer f.Close()
 	if err != nil {
 		if !os.IsExist(err) {