fix: uncontrolled data used in path expression

Jacky 2024-07-30 14:40:52 +08:00
parent 226827f21e
commit 013d810678
No known key found for this signature in database
GPG key ID: 215C21B10DF38B4D
7 changed files with 24 additions and 7 deletions


@ -4,6 +4,7 @@ import (
"github.com/0xJacky/Nginx-UI/api"
"github.com/0xJacky/Nginx-UI/internal/cert"
"github.com/0xJacky/Nginx-UI/internal/cosy"
"github.com/0xJacky/Nginx-UI/internal/helper"
"github.com/0xJacky/Nginx-UI/internal/nginx"
"github.com/0xJacky/Nginx-UI/internal/notification"
"github.com/0xJacky/Nginx-UI/model"
@ -25,7 +26,8 @@ type APICertificate struct {
func Transformer(certModel *model.Cert) (certificate *APICertificate) {
var sslCertificationBytes, sslCertificationKeyBytes []byte
var certificateInfo *cert.Info
if certModel.SSLCertificatePath != "" {
if certModel.SSLCertificatePath != "" &&
helper.IsUnderDirectory(certModel.SSLCertificatePath, nginx.GetConfPath()) {
if _, err := os.Stat(certModel.SSLCertificatePath); err == nil {
sslCertificationBytes, _ = os.ReadFile(certModel.SSLCertificatePath)
if !cert.IsCertificate(string(sslCertificationBytes)) {
@ -36,7 +38,8 @@ func Transformer(certModel *model.Cert) (certificate *APICertificate) {
certificateInfo, _ = cert.GetCertInfo(certModel.SSLCertificatePath)
}
if certModel.SSLCertificateKeyPath != "" {
if certModel.SSLCertificateKeyPath != "" &&
helper.IsUnderDirectory(certModel.SSLCertificateKeyPath, nginx.GetConfPath()) {
if _, err := os.Stat(certModel.SSLCertificateKeyPath); err == nil {
sslCertificationKeyBytes, _ = os.ReadFile(certModel.SSLCertificateKeyPath)
if !cert.IsPrivateKey(string(sslCertificationKeyBytes)) {