Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-22 23:09:41 +02:00
Code Issues Releases Activity

fix(filesystem): harden the filesystem service to avoid path traversal attacks EE-1922 (#5957)

Browse source 
fix(filesystem): harden the filesystem service to avoid path traversal attacks EE-1922
This commit is contained in:
andres-portainer 2021-11-01 08:01:03 -03:00 committed by GitHub
parent c763219f74
commit 28f71e486a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 292 additions and 176 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/http/handler/stacks/create_swarm_stack.go
View file

@ -3,7 +3,6 @@ package stacks
import (
"fmt"
"net/http"
"path"
"strconv"
"time"
@ -399,8 +398,7 @@ func (handler *Handler) deploySwarmStack(config *swarmStackDeploymentConfig) err
if !settings.AllowBindMountsForRegularUsers && !isAdminOrEndpointAdmin {
for _, file := range append([]string{config.stack.EntryPoint}, config.stack.AdditionalFiles...) {
path := path.Join(config.stack.ProjectPath, file)
stackContent, err := handler.FileService.GetFileContent(path)
stackContent, err := handler.FileService.GetFileContent(config.stack.ProjectPath, file)
if err != nil {
return errors.WithMessage(err, "failed to get stack file content")
}