diff options
| author |  Yong Tang <yong.tang.github@outlook.com>
| 2022-02-14 08:24:21 -0800 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2022-02-14 11:24:21 -0500 |
| commit | c6709d930f71d64dc3b5d1a15943e5c927e808cc (patch) | |
| tree | 2816c901cdfcc3818c43a3bc972e5804a90ca34a /plugin/file/reload.go | |
| parent | b40f2a0a44316ed91bbc5f42fe03819c0f1f98a7 (diff) | |
| download | coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.tar.gz coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.tar.zst coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.zip | |
Fix security scans by cleaning up file path (#5185)
While performing security scans there were several
issue raised as G304 (CWE-22): Potential file inclusion via variable.
As some files path are taken from user input, it is possible the
filepath passed by user may have unintended effect if not properly formed.
This fix add Clean to remove the security warning and address some
potential issue.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Diffstat (limited to 'plugin/file/reload.go')
| -rw-r--r-- | plugin/file/reload.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/plugin/file/reload.go b/plugin/file/reload.go index a154c0467..cdb50f439 100644 --- a/plugin/file/reload.go +++ b/plugin/file/reload.go @@ -2,6 +2,7 @@ package file import ( "os" + "path/filepath" "time" "github.com/coredns/coredns/plugin/transfer" @@ -19,7 +20,7 @@ func (z *Zone) Reload(t *transfer.Transfer) error { select { case <-tick.C: zFile := z.File() - reader, err := os.Open(zFile) + reader, err := os.Open(filepath.Clean(zFile)) if err != nil { log.Errorf("Failed to open zone %q in %q: %v", z.origin, zFile, err) continue |