mirror of
https://github.com/argoproj/argo-cd
synced 2026-04-21 17:07:16 +00:00
26 lines
899 B
Go
26 lines
899 B
Go
//go:build linux
|
|
|
|
package files
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
|
|
securejoin "github.com/cyphar/filepath-securejoin"
|
|
pathrs "github.com/cyphar/filepath-securejoin/pathrs-lite"
|
|
)
|
|
|
|
// SecureMkdirAll creates a directory with the given mode and returns the full path to the directory. It prevents
|
|
// directory traversal attacks by ensuring the path is within the root directory. The path is constructed as if the
|
|
// given root is the root of the filesystem. So anything traversing outside the root is simply removed from the path.
|
|
func SecureMkdirAll(root, unsafePath string, mode os.FileMode) (string, error) {
|
|
err := pathrs.MkdirAll(root, unsafePath, mode)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to make directory: %w", err)
|
|
}
|
|
fullPath, err := securejoin.SecureJoin(root, unsafePath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to construct secure path: %w", err)
|
|
}
|
|
return fullPath, nil
|
|
}
|