Fix security scans by cleaning up file path (#5185)

While performing security scans there were several issue raised as G304 (CWE-22): Potential file inclusion via variable. As some files path are taken from user input, it is possible the filepath passed by user may have unintended effect if not properly formed. This fix add Clean to remove the security warning and address some potential issue. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
author: Yong Tang <yong.tang.github@outlook.com> 2022-02-14 08:24:21 -0800
committer: GitHub <noreply@github.com> 2022-02-14 11:24:21 -0500
commit: c6709d930f71d64dc3b5d1a15943e5c927e808cc (patch)
tree: 2816c901cdfcc3818c43a3bc972e5804a90ca34a /plugin/pkg/tls/tls.go
parent: b40f2a0a44316ed91bbc5f42fe03819c0f1f98a7 (diff)
download: coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.tar.gz
coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.tar.zst
coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/plugin/pkg/tls/tls.go b/plugin/pkg/tls/tls.go
index dae509204..8d36d6823 100644
--- a/plugin/pkg/tls/tls.go
+++ b/plugin/pkg/tls/tls.go
@@ -7,6 +7,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"path/filepath"
 	"time"
 )
 
@@ -95,7 +96,7 @@ func loadRoots(caPath string) (*x509.CertPool, error) {
 	}
 
 	roots := x509.NewCertPool()
-	pem, err := os.ReadFile(caPath)
+	pem, err := os.ReadFile(filepath.Clean(caPath))
 	if err != nil {
 		return nil, fmt.Errorf("error reading %s: %s", caPath, err)
 	}
author	Yong Tang <yong.tang.github@outlook.com>	2022-02-14 08:24:21 -0800
committer	GitHub <noreply@github.com>	2022-02-14 11:24:21 -0500
commit	c6709d930f71d64dc3b5d1a15943e5c927e808cc (patch)
tree	2816c901cdfcc3818c43a3bc972e5804a90ca34a /plugin/pkg/tls/tls.go
parent	b40f2a0a44316ed91bbc5f42fe03819c0f1f98a7 (diff)
download	coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.tar.gz coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.tar.zst coredns-c6709d930f71d64dc3b5d1a15943e5c927e808cc.zip