diff options
author | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2019-07-25 01:12:40 +0300 |
---|---|---|
committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2019-07-25 12:27:25 +0300 |
commit | e5f229974166402f51e4ee0695ffb4d1e09fa174 (patch) | |
tree | 44dc7adc4fd02cb563583afaff6ddaa781821e2f /hugofs/walk.go | |
parent | 87a07282a2f01779e098cde0aaee1bae34dc32e6 (diff) |
Block symlink dir traversal for /static
This is in line with how it behaved before, but it was lifted a little for the project mount for Hugo Modules,
but that could create hard-to-detect loops.
Diffstat (limited to 'hugofs/walk.go')
-rw-r--r-- | hugofs/walk.go | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/hugofs/walk.go b/hugofs/walk.go index eca746737..6947660c8 100644 --- a/hugofs/walk.go +++ b/hugofs/walk.go @@ -121,8 +121,7 @@ func (w *Walkway) Walk() error { return nil } - if err == ErrPermissionSymlink { - w.logger.WARN.Printf("Unsupported symlink found in %q, skipping.", w.root) + if w.checkErr(w.root, err) { return nil } @@ -149,6 +148,19 @@ func lstatIfPossible(fs afero.Fs, path string) (os.FileInfo, bool, error) { return fi, false, err } +// checkErr returns true if the error is handled. +func (w *Walkway) checkErr(filename string, err error) bool { + if err == ErrPermissionSymlink { + logUnsupportedSymlink(filename, w.logger) + return true + } + return false +} + +func logUnsupportedSymlink(filename string, logger *loggers.Logger) { + logger.WARN.Printf("Unsupported symlink found in %q, skipping.", filename) +} + // walk recursively descends path, calling walkFn. // It follow symlinks if supported by the filesystem, but only the same path once. func (w *Walkway) walk(path string, info FileMetaInfo, dirEntries []FileMetaInfo, walkFn WalkFunc) error { @@ -168,16 +180,17 @@ func (w *Walkway) walk(path string, info FileMetaInfo, dirEntries []FileMetaInfo if dirEntries == nil { f, err := w.fs.Open(path) - if err != nil { + if w.checkErr(path, err) { + return nil + } return walkFn(path, info, errors.Wrapf(err, "walk: open %q (%q)", path, w.root)) } fis, err := f.Readdir(-1) f.Close() if err != nil { - if err == ErrPermissionSymlink { - w.logger.WARN.Printf("Unsupported symlink found in %q, skipping.", filename) + if w.checkErr(filename, err) { return nil } return walkFn(path, info, errors.Wrap(err, "walk: Readdir")) |