Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-25 00:09:40 +02:00
Code Issues Releases Activity

fix(filesystem): harden the filesystem service to avoid path traversal attacks EE-1922 (#5957)

Browse source 
fix(filesystem): harden the filesystem service to avoid path traversal attacks EE-1922
This commit is contained in:
andres-portainer 2021-11-01 08:01:03 -03:00 committed by GitHub
parent c763219f74
commit 28f71e486a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 292 additions and 176 deletions
Download patch file Download diff file Expand all files Collapse all files

5
api/http/handler/templates/template_file.go
View file

@ -4,7 +4,6 @@ import (
"errors"
"log"
"net/http"
"path"
"github.com/asaskevich/govalidator"
httperror "github.com/portainer/libhttp/error"
@ -68,9 +67,7 @@ func (handler *Handler) templateFile(w http.ResponseWriter, r *http.Request) *ht
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to clone git repository", err}
}
composeFilePath := path.Join(projectPath, payload.ComposeFilePathInRepository)
fileContent, err := handler.FileService.GetFileContent(composeFilePath)
fileContent, err := handler.FileService.GetFileContent(projectPath, payload.ComposeFilePathInRepository)
if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Failed loading file content", err}
}