From b10e4dd43754ce447005acd08994b4d779bd2e30 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Sun, 10 Jan 2021 16:43:33 -0800
Subject: [PATCH] Better error handling for access to denylist files

---
 router/error.go             | 18 ++++++++++--------
 server/filesystem/errors.go |  6 +++++-
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/router/error.go b/router/error.go
index f56876a..7503f89 100644
--- a/router/error.go
+++ b/router/error.go
@@ -122,20 +122,22 @@ func (e *RequestError) Abort(c *gin.Context) {
 // Looks at the given RequestError and determines if it is a specific filesystem error that
 // we can process and return differently for the user.
 func (e *RequestError) getAsFilesystemError() (int, string) {
-	err := errors.Unwrap(e.err)
-	if err == nil {
-		return 0, ""
-	}
-	if errors.Is(err, os.ErrNotExist) || filesystem.IsErrorCode(err, filesystem.ErrCodePathResolution) {
+	if filesystem.IsErrorCode(e.err, filesystem.ErrCodePathResolution) || errors.Is(e.err, os.ErrNotExist) {
 		return http.StatusNotFound, "The requested resource was not found on the system."
 	}
-	if filesystem.IsErrorCode(err, filesystem.ErrCodeDiskSpace) {
+	if filesystem.IsErrorCode(e.err, filesystem.ErrCodeDiskSpace) {
 		return http.StatusConflict, "There is not enough disk space available to perform that action."
 	}
-	if strings.HasSuffix(err.Error(), "file name too long") {
+	if filesystem.IsErrorCode(e.err, filesystem.ErrCodeDenylistFile) {
+		return http.StatusForbidden, "This file cannot be modified: present in egg denylist."
+	}
+	if filesystem.IsErrorCode(e.err, filesystem.ErrCodeIsDirectory) {
+		return http.StatusBadRequest, "Cannot perform that action: file is a directory."
+	}
+	if strings.HasSuffix(e.err.Error(), "file name too long") {
 		return http.StatusBadRequest, "Cannot perform that action: file name is too long."
 	}
-	if e, ok := err.(*os.SyscallError); ok && e.Syscall == "readdirent" {
+	if e, ok := e.err.(*os.SyscallError); ok && e.Syscall == "readdirent" {
 		return http.StatusNotFound, "The requested directory does not exist."
 	}
 	return 0, ""
diff --git a/server/filesystem/errors.go b/server/filesystem/errors.go
index bb3f1af..4cc9929 100644
--- a/server/filesystem/errors.go
+++ b/server/filesystem/errors.go
@@ -35,7 +35,11 @@ func (e *Error) Error() string {
 	case ErrCodeUnknownArchive:
 		return "filesystem: unknown archive format"
 	case ErrCodeDenylistFile:
-		return "filesystem: file access prohibited: denylist"
+		r := e.resolved
+		if r == "" {
+			r = "<empty>"
+		}
+		return fmt.Sprintf("filesystem: file access prohibited: [%s] is on the denylist", r)
 	case ErrCodePathResolution:
 		r := e.resolved
 		if r == "" {