-
Notifications
You must be signed in to change notification settings - Fork 45
/
symlink.go
45 lines (40 loc) · 1.16 KB
/
symlink.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
// Copyright 2020 VMware, Inc.
// SPDX-License-Identifier: Apache-2.0
package directory
import (
"fmt"
"io/fs"
"os"
"path/filepath"
"strings"
)
// ValidateSymlinks enforces that symlinks inside the given path resolve to inside the path
func ValidateSymlinks(path string) error {
absRoot, err := filepath.Abs(path)
if err != nil {
return err
}
rootSegments := strings.Split(absRoot, string(os.PathSeparator))
return filepath.WalkDir(path, func(path string, info fs.DirEntry, err error) error {
if info.Type()&os.ModeSymlink == os.ModeSymlink {
resolvedPath, err := filepath.EvalSymlinks(path)
if err != nil {
return fmt.Errorf("Unable to resolve symlink: %w", err)
}
absPath, err := filepath.Abs(resolvedPath)
if err != nil {
return err
}
pathSegments := strings.Split(absPath, string(os.PathSeparator))
if len(rootSegments) > len(pathSegments) {
return fmt.Errorf("Invalid symlink found to outside parent directory: %q", absPath)
}
for i, segment := range rootSegments {
if pathSegments[i] != segment {
return fmt.Errorf("Invalid symlink found to outside parent directory: %q", absPath)
}
}
}
return nil
})
}