Skip to content

Commit

Permalink
fix: fix the delete file vulnerability issue (#1174)
Browse files Browse the repository at this point in the history
  • Loading branch information
qianxi0410 committed Sep 30, 2022
1 parent 3128e68 commit 645c631
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions object/storage.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,11 @@ func UploadFileSafe(provider *Provider, fullFilePath string, fileBuffer *bytes.B
}

func DeleteFile(provider *Provider, objectKey string) error {
// check fullFilePath is there security issue
if strings.Contains(objectKey, "..") {
return fmt.Errorf("the objectKey: %s is not allowed", objectKey)
}

endpoint := getProviderEndpoint(provider)
storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
if storageProvider == nil {
Expand Down

0 comments on commit 645c631

Please sign in to comment.