Commit Graph

977 Commits

Author SHA1 Message Date
Dane Everitt
244640d0c1
[security] remove "SafeJoin" function
This function was not actually safe in theory. If an unknown stat source was passed in it would be possible for a symlinked file to not be detected as a symlink, thus skipping any safe path resolutions.

This would happen if the stat source was a regular os.Stat call and not an os.Lstat call, but since there is no way to differentiate between those two in the code, it is safer to just manually apply this logic in the positions where we _know_ for certain that we're working with the results of an Lstat call.
2020-10-01 21:28:38 -07:00
Dane Everitt
e3e89a2ecc
Cover symlink attacks with test cases 2020-10-01 21:13:42 -07:00
Dane Everitt
90ae815b1d
Return tests to passing state 2020-10-01 20:40:25 -07:00
Dane Everitt
1fc15e82f1
Merge pull request #63 from pterodactyl/fix/diagnostics-logs
add log output to diagnostics cmd
2020-10-01 19:41:10 -07:00
Jakob Schrettenbrunner
3a83f65f27 add log output to diagnostics cmd 2020-10-01 23:04:58 +00:00
Jakob
37b09255d5
Merge pull request #62 from stanier/develop
Removed stray `.` in `./mnt/install`
2020-10-02 00:29:18 +02:00
Keyton Stanier
b92fab83c8 Removed stray . in ./mnt/install 2020-10-01 18:00:26 -04:00
Dane Everitt
367fdfad54
Simplify copy file logic 2020-09-30 21:53:50 -07:00
Dane Everitt
ee460686d6
Make delete more synchronous 2020-09-30 21:47:42 -07:00
Dane Everitt
9b7c0fb7f3
Steal tests from other branch that is being discarded, attempt to get at least one of them to pass; WIP 2020-09-30 21:46:32 -07:00
Dane Everitt
0f7bb1a371
Refactor filesystem to not be dependent on a server struct 2020-09-27 12:24:08 -07:00
Dane Everitt
de30e2fcc9
Dont attempt to get size within archive process, will return empty; ref pterodactyl/panel#2420
The stat call is operating against an unflushed file if called in the archive function, so you'll just get the emtpy archive size, rather than the final size.

Plus, we only used the file stat in one place, so slight efficiency win?
2020-09-27 11:16:38 -07:00
Dane Everitt
a0fa5a94b6
Support websocket event to send server stats; ref pterodactyl/panel#2414 2020-09-27 09:46:00 -07:00
Dane Everitt
3655b172f3
Send JWT errors as specific event type 2020-09-27 09:09:34 -07:00
Dane Everitt
4748d7cb29
Don't spam errors to the output if attempting to send a command to an unattached starting instance; closes pterodactyl/panel#2385 2020-09-26 17:35:11 -07:00
Dane Everitt
a20861fa8e
Write newline when editing files using the text parser; closes pterodactyl/panel#2393 2020-09-26 16:12:21 -07:00
Dane Everitt
62d0c7fa24
Mask errors from websocket being closed; closes pterodactyl/panel#2387 2020-09-26 16:10:32 -07:00
Dane Everitt
0b9ad3de05
More file size confirmations before performing some actions; closes pterodactyl/panel#2420 2020-09-26 16:02:41 -07:00
Dane Everitt
3391d5803e
Use same values between panel and wings when calculating disk 2020-09-25 20:31:33 -07:00
Dane Everitt
a3cb1b5ae0
Merge branch 'develop' of https://github.com/pterodactyl/wings into develop 2020-09-25 20:03:06 -07:00
Dane Everitt
fb24ad58b4
Don't allow a reinstall while server is processing a power action; closes pterodactyl/panel#2409 2020-09-25 20:03:04 -07:00
Dane Everitt
ae5005baa3
Don't log disk space errors 2020-09-25 20:02:38 -07:00
Jakob Schrettenbrunner
f79868ff6c why tf do we create docker clients in two locations... 2020-09-26 04:31:43 +02:00
Dane Everitt
60211271b2
Merge branch 'develop' of https://github.com/pterodactyl/wings into develop 2020-09-25 19:23:37 -07:00
Dane Everitt
2cc06e0528
closes pterodactyl/panel#2413 2020-09-25 19:23:31 -07:00
Jakob
6cbcfece8e
enable client version negotiation for docker env (#61)
* enable client version negotiation for docker env

* derp

* another try
2020-09-25 19:19:27 -07:00
Dane Everitt
7646c27c5a
Update README.md 2020-09-24 21:26:17 -07:00
Dane Everitt
7624502ec4
Don't swap the int and cause a negative disk space... closes pterodactyl/panel#2401 2020-09-24 21:19:46 -07:00
Dane Everitt
bf1233def4
Don't ignore disk space limits when copying/archiving; closes pterodactyl/panel#2400 2020-09-24 21:18:10 -07:00
Matthew Penner
1a3ba9efca Better handle readdirent errors 2020-09-24 21:48:59 -06:00
Dane Everitt
897c4869de
Return a nicer error if the file name is too long; closes pterodactyl/panel#2403 2020-09-24 20:02:42 -07:00
Dane Everitt
f0a4efb242
Attempt to create directory structure for config file if missing 2020-09-22 21:01:50 -07:00
Dane Everitt
342c3ea565
Do not panic if there is no text on the line; closes pterodactyl/panel#2369 2020-09-22 21:01:32 -07:00
Dane Everitt
522c6c17e4
Merge branch 'develop' of https://github.com/pterodactyl/wings into develop 2020-09-22 20:41:16 -07:00
Dane Everitt
d8cd8ae36a
Don't treat certain "expected" errors from the filesystem as 500 errors; closes pterodactyl/panel#2376 2020-09-22 20:41:14 -07:00
Matthew Penner
62d5248b0c Remove stacktrace from image exists locally warning 2020-09-20 14:20:42 -06:00
Matthew Penner
ff597672db Fix #2380 2020-09-20 12:51:12 -06:00
Matthew Penner
aa39cefcf1 Fix AllowedMounts value from potentially being overwritten remotely 2020-09-17 21:59:41 -06:00
Charles Morgan
033e8e7573
Add GoReportcard badge (#57)
Adds GoReportcard Badge
2020-09-17 20:48:09 -07:00
Michael (Parker) Parker
aa78071543
update docker configs (#50)
* update docker configs

dockerfile with an updated start command

docker-compose file adds custom network name so it can be used in firewalld commands.

* update compose file

mount changes
remove /srv/daemon-data
remove /etc/timezone

variable changes
add TZ

* add note about old data folder.

* update to go 1.15

Update base image to go version 1.15
2020-09-17 20:48:01 -07:00
Dane Everitt
48aeeff818
Merge branch 'develop' of https://github.com/pterodactyl/wings into develop 2020-09-17 20:45:19 -07:00
Dane Everitt
864c37f17c
Use 2k lines as the per loop limit 2020-09-17 20:45:13 -07:00
Matthew Penner
c7405aebe5
Update release.yml to use go1.15.2 2020-09-17 21:39:48 -06:00
Matthew Penner
9ff2d53466
Update build-test.yml to use go1.15.2 2020-09-17 21:39:20 -06:00
Dane Everitt
6ba49df485
Protect against zip bombs; closes pterodactyl/panel#883 2020-09-17 20:37:34 -07:00
Dane Everitt
6b25ac3665
Fix websocket error spam; only send known JWT issues along to the socket itself, not to wings console; closes pterodactyl/panel#2354 2020-09-17 20:30:51 -07:00
Dane Everitt
783832fc71
Set the docker image correctly when a server is updated; closes pterodactyl/panel#2356 2020-09-17 20:20:39 -07:00
Dane Everitt
815539b3da
Fix log rotation error due to missing templates dir in compiled build 2020-09-17 20:16:27 -07:00
Dane Everitt
6ba1b75696
Add console throttling; closes pterodactyl/panel#2214 (#60) 2020-09-17 20:13:04 -07:00
Dane Everitt
ce76b9339e
better error handling for busy files; closes pterodactyl/panel#2332 2020-09-15 19:53:00 -07:00