Add base idea for denying write access to certain files; ref pterodactyl/panel#569

2021-01-10 16:33:39 -08:00
parent 3459c25be0
commit 2c1b211280
7 changed files with 61 additions and 14 deletions
--- a/server/filesystem/errors.go
+++ b/server/filesystem/errors.go
@@ -1,11 +1,12 @@
 package filesystem

 import (
-	"emperror.dev/errors"
 	"fmt"
-	"github.com/apex/log"
 	"os"
 	"path/filepath"
+
+	"emperror.dev/errors"
+	"github.com/apex/log"
 )

 type ErrorCode string
@@ -15,6 +16,7 @@ const (
 	ErrCodeDiskSpace      ErrorCode = "E_NODISK"
 	ErrCodeUnknownArchive ErrorCode = "E_UNKNFMT"
 	ErrCodePathResolution ErrorCode = "E_BADPATH"
+	ErrCodeDenylistFile   ErrorCode = "E_DENYLIST"
 )

 type Error struct {
@@ -32,6 +34,8 @@ func (e *Error) Error() string {
 		return "filesystem: not enough disk space"
 	case ErrCodeUnknownArchive:
 		return "filesystem: unknown archive format"
+	case ErrCodeDenylistFile:
+		return "filesystem: file access prohibited: denylist"
 	case ErrCodePathResolution:
 		r := e.resolved
 		if r == "" {