From d7385218659e2eb3d3948fafab5c46782809bb17 Mon Sep 17 00:00:00 2001
From: Jaime Martinez <jmartinez@gitlab.com>
Date: Wed, 14 Apr 2021 12:00:34 +1000
Subject: Return early if allowedPath is the root dir

---
 internal/httpfs/http_fs.go | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'internal')

diff --git a/internal/httpfs/http_fs.go b/internal/httpfs/http_fs.go
index 1e9dff1c..17518301 100644
--- a/internal/httpfs/http_fs.go
+++ b/internal/httpfs/http_fs.go
@@ -83,6 +83,13 @@ func (p *fileSystemPaths) Open(name string) (http.File, error) {
 		return nil, err
 	}
 	for _, allowedPath := range p.allowedPaths {
+		// filepath.Abs(allowedPath) in NewFileSystemPath resolves an allowedPath to be `/` when
+		// chrootPath == allowedPath, so we need to return early if in chroot
+		//and we have stripped p.chrootPath from absPath && allowedPath
+		if p.chrootPath != "" && allowedPath == "/" {
+			return os.Open(absPath)
+		}
+
 		if strings.HasPrefix(absPath, allowedPath+"/") {
 			return os.Open(absPath)
 		}
-- 
cgit v1.2.3