package utils
import (
"fmt"
"os"
"path/filepath"
"strings"
)
// ExistsInPath reports whether os.Stat succeeds for the entry s joined onto
// the directory path.
//
// Every Stat failure is reported as false, so "does not exist" and "could not
// be checked" (for example a permission error) are indistinguishable to the
// caller. filepath.Join cleans the result, which means an s containing ".."
// elements can name something outside path; s is not confined here.
func ExistsInPath(path string, s string) bool {
	candidate := filepath.Join(path, s)
	if _, statErr := os.Stat(candidate); statErr != nil {
		return false
	}
	return true
}
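// InTrustedRoot checks that path lies below trustedRoot.
//
// It walks up the ancestors of path with filepath.Dir and returns nil as soon
// as one of them equals trustedRoot; otherwise it returns an error. path
// itself is never compared, only its parents. The comparison is exact string
// equality on whole directory paths, so a sibling such as "/srv/database" is
// not accepted for the root "/srv/data", and trustedRoot has to be in cleaned
// form (no trailing separator) to match at all.
//
// The check is purely lexical: nothing here resolves symbolic links, so a
// link below trustedRoot that points elsewhere still passes. Callers that
// need that guarantee should resolve the path (filepath.EvalSymlinks) before
// calling, or open the file relative to a directory handle.
func InTrustedRoot(path string, trustedRoot string) error {
	for path != "/" {
		parent := filepath.Dir(path)
		if parent == trustedRoot {
			return nil
		}
		// filepath.Dir reaches a fixed point that is not "/" for relative
		// paths (".") and for volume roots on Windows. Without this stop the
		// walk never terminates on such input.
		if parent == path {
			break
		}
		path = parent
	}
	return fmt.Errorf("path is outside of trusted root")
}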
// VerifyPath checks that path, interpreted relative to basePath, stays below
// basePath.
//
// path is joined onto basePath and cleaned, which collapses any ".." elements,
// and the result is handed to InTrustedRoot together with the cleaned
// basePath. InTrustedRoot compares only the parent directories of the joined
// path, so a path that resolves to an absolute basePath itself is rejected.
//
// The check is lexical only: symbolic links are not resolved. Pass an absolute
// basePath, since the ancestor walk is a plain string comparison.
func VerifyPath(path, basePath string) error {
	root := filepath.Clean(basePath)
	target := filepath.Clean(filepath.Join(basePath, path))
	return InTrustedRoot(target, root)
}
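// SanitizeFileName reduces fileName to a single path element that is safe to
// join onto a directory.
//
// The input is cleaned, everything up to the last separator is dropped, and
// any ".." sequences left in the remaining element are removed. If nothing
// usable is left (the input was empty, ".", "..", or consisted only of
// separators) the empty string is returned, so callers must treat "" as
// "no valid name" rather than joining it onto a directory.
//
// Only the platform's own separator is recognised: on non-Windows builds a
// backslash is an ordinary character and is returned unchanged. Other
// characters (control bytes, NUL) are not filtered here.
func SanitizeFileName(fileName string) string {
	// Clean first, then keep only the final element so no directory part of
	// the input survives.
	baseName := filepath.Base(filepath.Clean(fileName))
	// Removing ".." leaves at most one dot per run of dots, so no parent
	// reference can remain in the element.
	safeName := strings.ReplaceAll(baseName, "..", "")
	// filepath.Base yields "." for empty input and the separator for a root
	// path. Neither is a file name, and both resolve to the directory itself
	// when joined, so report them as "no name".
	if safeName == "." || safeName == string(filepath.Separator) {
		return ""
	}
	return safeName
}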
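// GenerateUniqueFileName returns a file name built from baseName and ext for
// which os.Stat does not report an existing entry in dir.
//
// The first candidate is baseName+ext; on a collision the candidates continue
// as baseName_2+ext, baseName_3+ext, and so on. Only the name is returned,
// not the joined path.
//
// The name is checked, not reserved: another process or goroutine can create
// the same entry between this call and the caller's own create. Callers that
// must not overwrite should create the file with os.O_CREATE|os.O_EXCL and
// retry on failure. baseName and ext are used as given, so they are expected
// to be sanitized already (no separators or ".." elements).
func GenerateUniqueFileName(dir, baseName, ext string) string {
	fileName := baseName + ext
	for counter := 2; ; counter++ {
		// Only a successful Stat proves the candidate is taken. A Stat error
		// other than "not exist" (permission denied, dir is not a directory,
		// invalid name) would repeat for every later candidate, so returning
		// here avoids spinning forever; the caller's own create call will
		// surface the real error.
		if _, err := os.Stat(filepath.Join(dir, fileName)); err != nil {
			return fileName
		}
		fileName = fmt.Sprintf("%s_%d%s", baseName, counter, ext)
	}
}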