beenull/raspap-webgui-mirror
1
0
Fork 0
mirror of https://github.com/RaspAP/raspap-webgui.git synced 2024-11-22 07:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

Revert "Sanitize path to prevent directory traversal"

Browse source 
This reverts commit 2cdf6ef53e.
This commit is contained in:
billz 2024-03-08 11:27:44 +01:00
parent 2cdf6ef53e
commit 79d33db2bf
2 changed files with 7 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -5,3 +5,4 @@ yarn-error.log
includes/config.php includes/config.php
rootCA.pem rootCA.pem
vendor vendor
.env

16
api/modules/wireguard.py
View file

@ -1,6 +1,5 @@
import subprocess import subprocess
import re import re
import os
def configs(): def configs():
#ignore symlinks, because wg0.conf is in production the main config, but in insiders it is a symlink #ignore symlinks, because wg0.conf is in production the main config, but in insiders it is a symlink
@ -25,16 +24,13 @@ def client_config_list(client_config):
if not re.match(pattern, client_config): if not re.match(pattern, client_config):
raise ValueError("Invalid client_config") raise ValueError("Invalid client_config")
# sanitize path to prevent directory traversal config_path = f"/etc/wireguard/{client_config}"
client_config = os.path.basename(client_config) try:
with open(config_path, 'r') as f:
config_path = os.path.join("/etc/wireguard/", client_config) output = f.read().strip()
if not os.path.exists(config_path): return output.split('\n')
except FileNotFoundError:
raise FileNotFoundError("Client configuration file not found") raise FileNotFoundError("Client configuration file not found")
with open(config_path, 'r') as f:
output = f.read().strip()
return output.split('\n')
#TODO: where is the logfile?? #TODO: where is the logfile??
#TODO: is service connected? #TODO: is service connected?