mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-22 18:15:28 +00:00
39d094075b
* rebase js-layer PR from @ice3man543 * package restructuring * working * fix duplicated event & matcher status * fix lint error * fix response field * add new functions * multiple minor improvements * fix incorrect stats in js protocol * sort output metadata in cli * remove temp files * remove dead code * add unit and integration test * fix lint error * add jsdoclint using llm * fix error in test * add js lint using llm * generate docs of libs * llm lint * remove duplicated docs * update generated docs * update prompt in doclint * update docs * temp disable version check test * fix unit test and add retry * fix panic in it * update and move jsdocs * updated jsdocs * update docs * update container platform in test * dir restructure and adding docs * add api_reference and remove markdown docs * fix imports * add javascript design and contribution docs * add js protocol documentation * update integration test and docs * update doc ext mdx->md * minor update to docs * new integration test and more * move go libs and add docs * gen new net docs and more * final docs update * add new devtool * use fastdialer * fix build fail * use fastdialer + network sandbox support * add reserved keyword 'Port' * update Port to new syntax * misc update * always enable templatectx in js protocol * move docs to 'js-proto-docs' repo * remove scrapefuncs binary * add fs library * add fs module * add init code block and 'updatePayload' * use go native func for isPortOpen * docgen improvements + 'fs' module docs * update func signature and more * prompt improvements * fix inconsitencies in jsdocs * remove debug statements --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
43 lines
1.3 KiB
Go
43 lines
1.3 KiB
Go
package protocolstate
|
|
|
|
import (
|
|
"path/filepath"
|
|
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
|
|
errorutil "github.com/projectdiscovery/utils/errors"
|
|
fileutil "github.com/projectdiscovery/utils/file"
|
|
)
|
|
|
|
var (
|
|
// lfaAllowed means local file access is allowed
|
|
lfaAllowed bool
|
|
)
|
|
|
|
// Normalizepath normalizes path and returns absolute path
|
|
// it returns error if path is not allowed
|
|
// this respects the sandbox rules and only loads files from
|
|
// allowed directories
|
|
func NormalizePath(filePath string) (string, error) {
|
|
filePath = filepath.Clean(filePath)
|
|
templateDirectory := config.DefaultConfig.TemplatesDirectory
|
|
|
|
tmpPath := filepath.Join(templateDirectory, filePath)
|
|
var err error
|
|
tmpPath, err = filepath.Abs(tmpPath)
|
|
if err != nil {
|
|
return "", errorutil.NewWithErr(err).Msgf("could not get absolute path of %v", tmpPath)
|
|
}
|
|
// first try to resolve this path with 'nuclei-templates' directory as base
|
|
if fileutil.FileOrFolderExists(tmpPath) {
|
|
// this is a valid and allowed path
|
|
return tmpPath, nil
|
|
}
|
|
// for security reasons , access to files outside nuclei-templates directory is not allowed
|
|
// even current working directory is not allowed
|
|
// when lfa is allowed any path is allowed
|
|
if lfaAllowed {
|
|
return filePath, nil
|
|
}
|
|
return "", errorutil.New("path %v is outside nuclei-template directory and -lfa is not enabled", filePath)
|
|
}
|