External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-18 05:55:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
nuclei/v2/pkg/protocols/common/protocolstate/file.go

43 lines
1.3 KiB
Go
Raw Normal View History

add 'fs' module to javascript protocol (#4156) * rebase js-layer PR from @ice3man543 * package restructuring * working * fix duplicated event & matcher status * fix lint error * fix response field * add new functions * multiple minor improvements * fix incorrect stats in js protocol * sort output metadata in cli * remove temp files * remove dead code * add unit and integration test * fix lint error * add jsdoclint using llm * fix error in test * add js lint using llm * generate docs of libs * llm lint * remove duplicated docs * update generated docs * update prompt in doclint * update docs * temp disable version check test * fix unit test and add retry * fix panic in it * update and move jsdocs * updated jsdocs * update docs * update container platform in test * dir restructure and adding docs * add api_reference and remove markdown docs * fix imports * add javascript design and contribution docs * add js protocol documentation * update integration test and docs * update doc ext mdx->md * minor update to docs * new integration test and more * move go libs and add docs * gen new net docs and more * final docs update * add new devtool * use fastdialer * fix build fail * use fastdialer + network sandbox support * add reserved keyword 'Port' * update Port to new syntax * misc update * always enable templatectx in js protocol * move docs to 'js-proto-docs' repo * remove scrapefuncs binary * add fs library * add fs module * add init code block and 'updatePayload' * use go native func for isPortOpen * docgen improvements + 'fs' module docs * update func signature and more * prompt improvements * fix inconsitencies in jsdocs * remove debug statements --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-09-26 16:55:25 +05:30
package protocolstate
import (
"path/filepath"
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
errorutil "github.com/projectdiscovery/utils/errors"
fileutil "github.com/projectdiscovery/utils/file"
)
var (
// lfaAllowed means local file access is allowed
lfaAllowed bool
)
// Normalizepath normalizes path and returns absolute path
// it returns error if path is not allowed
// this respects the sandbox rules and only loads files from
// allowed directories
func NormalizePath(filePath string) (string, error) {
filePath = filepath.Clean(filePath)
templateDirectory := config.DefaultConfig.TemplatesDirectory
tmpPath := filepath.Join(templateDirectory, filePath)
var err error
tmpPath, err = filepath.Abs(tmpPath)
if err != nil {
return "", errorutil.NewWithErr(err).Msgf("could not get absolute path of %v", tmpPath)
}
// first try to resolve this path with 'nuclei-templates' directory as base
if fileutil.FileOrFolderExists(tmpPath) {
// this is a valid and allowed path
return tmpPath, nil
}
// for security reasons , access to files outside nuclei-templates directory is not allowed
// even current working directory is not allowed
// when lfa is allowed any path is allowed
if lfaAllowed {
return filePath, nil
}
return "", errorutil.New("path %v is outside nuclei-template directory and -lfa is not enabled", filePath)
}
Reference in New Issue Copy Permalink