generated from okp4/template-oss
-
Notifications
You must be signed in to change notification settings - Fork 119
/
filtered_fs.go
53 lines (45 loc) 路 1.42 KB
/
filtered_fs.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
package fs
import (
"io/fs"
"net/url"
"github.com/okp4/okp4d/v7/x/logic/util"
)
// FilteredFS is a wrapper around a fs.FS that filters out files that are not allowed to be read.
// This is used to prevent the interpreter from reading files, using protocols that are not allowed to be used
// by the interpreter on the blockchain.
// The whitelist and blacklist are mutually exclusive. If both are set, the blacklist will be ignored.
type FilteredFS struct {
decorated fs.FS
whitelist []*url.URL
blacklist []*url.URL
}
var _ fs.FS = (*FilteredFS)(nil)
// NewFilteredFS returns a new FilteredFS object that will filter out files that are not allowed to be read
// according to the whitelist and blacklist parameters.
func NewFilteredFS(whitelist, blacklist []*url.URL, decorated fs.FS) *FilteredFS {
return &FilteredFS{
decorated: decorated,
whitelist: whitelist,
blacklist: blacklist,
}
}
// Open opens the named file.
// The name parameter is a URL that will be parsed and checked against the whitelist and blacklist configured.
func (f *FilteredFS) Open(name string) (fs.File, error) {
urlFile, err := url.Parse(name)
if err != nil {
return nil, &fs.PathError{
Op: "open",
Path: name,
Err: err,
}
}
if !util.WhitelistBlacklistMatches(f.whitelist, f.blacklist, util.URLMatches)(urlFile) {
return nil, &fs.PathError{
Op: "open",
Path: name,
Err: fs.ErrPermission,
}
}
return f.decorated.Open(name)
}