MCorange/wings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
729 Commits 42 Branches 73 Tags 43 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
Dane Everitt
244640d0c1
[security] remove "SafeJoin" function 
This function was not actually safe in theory. If an unknown stat source was passed in it would be possible for a symlinked file to not be detected as a symlink, thus skipping any safe path resolutions.

This would happen if the stat source was a regular os.Stat call and not an os.Lstat call, but since there is no way to differentiate between those two in the code, it is safer to just manually apply this logic in the positions where we _know_ for certain that we're working with the results of an Lstat call.
 2020-10-01 21:28:38 -07:00
Dane Everitt
e3e89a2ecc
Cover symlink attacks with test cases 2020-10-01 21:13:42 -07:00
Dane Everitt
90ae815b1d
Return tests to passing state 2020-10-01 20:40:25 -07:00
Dane Everitt
367fdfad54
Simplify copy file logic 2020-09-30 21:53:50 -07:00
Dane Everitt
ee460686d6
Make delete more synchronous 2020-09-30 21:47:42 -07:00
Dane Everitt
9b7c0fb7f3
Steal tests from other branch that is being discarded, attempt to get at least one of them to pass; WIP 2020-09-30 21:46:32 -07:00
Dane Everitt
0f7bb1a371
Refactor filesystem to not be dependent on a server struct 2020-09-27 12:24:08 -07:00