Skip to content

Commit 1ea3d94

Browse files
committed
fix: bug with the update tool and paths not being correct. Changed to abs path checks
1 parent 667c25b commit 1ea3d94

File tree

1 file changed

+26
-6
lines changed

1 file changed

+26
-6
lines changed

src/cmd/update.go

Lines changed: 26 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,17 @@ var updateCmd = &cobra.Command{
3030
Long: `This command will try to update the cocommit cli tool by either running the update script or by running the go get Command if the -g flag is set.`,
3131
Run: func(cmd *cobra.Command, args []string) {
3232
gflag, _ := cmd.Flags().GetBool("go-get")
33+
cflag, _ := cmd.Flags().GetBool("check")
34+
35+
if cflag {
36+
fmt.Println("Checking if Cocommit is up to date")
37+
if update {
38+
update_msg()
39+
} else {
40+
fmt.Println("Cocommit is up to date")
41+
}
42+
os.Exit(0)
43+
}
3344

3445
// check version of the cli tool
3546
Github, err := http.Get("https://api.github.com/repos/Slug-Boi/cocommit/releases/latest")
@@ -137,12 +148,12 @@ func updateScript() {
137148
}
138149
err = unzipper("./", r)
139150
if err != nil {
140-
fmt.Println("Error unzipping file")
151+
panic("Error unzipping file - " + err.Error())
141152
}
142153

143154
swapper(exec_path)
144155

145-
fmt.Println("Cocommit cli tool updated successfully")
156+
fmt.Println(update_style.Render("Cocommit cli tool updated successfully"))
146157
}
147158

148159
func swapper(exec_path string) {
@@ -203,10 +214,18 @@ func unzipper(dst string, r io.Reader) error {
203214
// the target location where the dir/file should be created
204215
target := filepath.Join(dst, header.Name)
205216

206-
// ensure the target path is within the destination directory
207-
if !strings.HasPrefix(target, filepath.Clean(dst)+string(os.PathSeparator)) {
208-
return fmt.Errorf("illegal file path: %s", target)
209-
}
217+
// ensure the target path is within the destination directory
218+
cleanTarget, err := filepath.Abs(target)
219+
if err != nil {
220+
return fmt.Errorf("failed to get absolute path: %v", err)
221+
}
222+
cleanDst, err := filepath.Abs(dst)
223+
if err != nil {
224+
return fmt.Errorf("failed to get absolute path: %v", err)
225+
}
226+
if !strings.HasPrefix(cleanTarget, cleanDst+string(os.PathSeparator)) {
227+
return fmt.Errorf("illegal file path: %s\nExpected: %s", cleanTarget, cleanDst+string(os.PathSeparator))
228+
}
210229

211230
// check the file type
212231
switch header.Typeflag {
@@ -241,4 +260,5 @@ func unzipper(dst string, r io.Reader) error {
241260
func init() {
242261
rootCmd.AddCommand(updateCmd)
243262
updateCmd.Flags().BoolP("go-get", "g", false, "Use the go get command to update the cocommit cli tool")
263+
updateCmd.Flags().BoolP("check", "c", false, "Check if the cocommit cli tool is up to date")
244264
}

0 commit comments

Comments
 (0)