Commit Graph

20 Commits

Author SHA1 Message Date
Dane Everitt
67ecbd667a
Minor improvements to logic around decompression 2021-01-16 11:48:30 -08:00
Dane Everitt
2c1b211280
Add base idea for denying write access to certain files; ref pterodactyl/panel#569 2021-01-10 16:33:39 -08:00
Dane Everitt
c228acaafc
Massive refactor of SFTP system now that it is deeply integrated with Wings 2021-01-10 14:25:39 -08:00
Matthew Penner
a4c8b8714b Bump all dependencies 2020-12-27 11:49:08 -07:00
Dane Everitt
59c30c2842
Fix use of atomics in codebase 2020-12-25 17:04:18 -08:00
Dane Everitt
d96115325a
Add file helper 2020-12-25 13:57:26 -08:00
Dane Everitt
c718da20e3
Check disk space before trying a write from the downloader; don't make empty directories if we can't even write the file 2020-12-20 11:17:53 -08:00
Dane Everitt
59a111de39
Invite our lord and savior emperror back to the table 2020-12-15 21:56:53 -08:00
Dane Everitt
3a26a5d39d
Convert all filesystem error types into the same Error struct 2020-12-15 20:51:13 -08:00
Matthew Penner
f62f714863 Add chmod endpoint to server files 2020-11-29 13:07:45 -07:00
Matthew Penner
de51fd1c51
Error handling improvements (#71)
* Remove `emperror.dev/errors`, remove all `errors#Wrap` and `errors#WithStack` calls
* Improve logging in `server/backup.go`
2020-11-28 16:57:10 -07:00
Dane Everitt
68bdcb3cbc
Fix error handling and get tests back to working 2020-11-08 15:15:39 -08:00
Dane Everitt
be9d1a3986
Replace error handling package with emperror; add better reporting for errors escaping server root 2020-11-08 13:52:20 -08:00
Dane Everitt
244640d0c1
[security] remove "SafeJoin" function
This function was not actually safe in theory. If an unknown stat source was passed in it would be possible for a symlinked file to not be detected as a symlink, thus skipping any safe path resolutions.

This would happen if the stat source was a regular os.Stat call and not an os.Lstat call, but since there is no way to differentiate between those two in the code, it is safer to just manually apply this logic in the positions where we _know_ for certain that we're working with the results of an Lstat call.
2020-10-01 21:28:38 -07:00
Dane Everitt
e3e89a2ecc
Cover symlink attacks with test cases 2020-10-01 21:13:42 -07:00
Dane Everitt
90ae815b1d
Return tests to passing state 2020-10-01 20:40:25 -07:00
Dane Everitt
367fdfad54
Simplify copy file logic 2020-09-30 21:53:50 -07:00
Dane Everitt
ee460686d6
Make delete more synchronous 2020-09-30 21:47:42 -07:00
Dane Everitt
9b7c0fb7f3
Steal tests from other branch that is being discarded, attempt to get at least one of them to pass; WIP 2020-09-30 21:46:32 -07:00
Dane Everitt
0f7bb1a371
Refactor filesystem to not be dependent on a server struct 2020-09-27 12:24:08 -07:00