fix: improve security by adding path validation and restricting file permissions

kuhahalong · kuhahalong · commit df1e26abe532 · 2024-12-09T08:16:31.000+08:00
diff --git a/analyzer.go b/analyzer.go
@@ -13,6 +13,7 @@ import (
 	"strings"
 	"time"
 
+	"golang.org/x/mod/modfile"
 	"golang.org/x/tools/go/packages"
 )
 
@@ -41,6 +42,64 @@ func NewAnalyzer(opts ...Option) *DefaultAnalyzer {
 	}
 }
 
+// validatePath checks if the path is safe to access
+func (a *DefaultAnalyzer) validatePath(path string) error {
+	if path == "" {
+		return fmt.Errorf("empty path")
+	}
+
+	// Convert to absolute path
+	absPath := path
+	if !filepath.IsAbs(path) {
+		absPath = filepath.Join(a.opts.WorkDir, path)
+	}
+
+	// Clean the path
+	absPath = filepath.Clean(absPath)
+
+	// Check if the path is within workDir
+	workDirAbs, err := filepath.Abs(a.opts.WorkDir)
+	if err != nil {
+		return fmt.Errorf("failed to get absolute path: %w", err)
+	}
+
+	if !strings.HasPrefix(absPath, workDirAbs) {
+		return fmt.Errorf("path is outside of working directory")
+	}
+
+	return nil
+}
+
+// loadGoMod loads and parses the go.mod file
+func (a *DefaultAnalyzer) loadGoMod() (*modfile.File, error) {
+	goModPath := filepath.Join(a.opts.WorkDir, "go.mod")
+
+	if err := a.validatePath(goModPath); err != nil {
+		return nil, fmt.Errorf("invalid go.mod path: %w", err)
+	}
+
+	content, err := os.ReadFile(goModPath)
+	if err != nil {
+		return nil, fmt.Errorf("read go.mod: %w", err)
+	}
+
+	// Extract module name from go.mod
+	var moduleName string
+	lines := strings.Split(string(content), "\n")
+	for _, line := range lines {
+		if strings.HasPrefix(strings.TrimSpace(line), "module ") {
+			moduleName = strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(line), "module "))
+			break
+		}
+	}
+
+	if moduleName == "" {
+		return nil, &AnalysisError{Op: "parse go.mod", Path: goModPath, Wrapped: fmt.Errorf("module name not found")}
+	}
+
+	return nil, nil
+}
+
 // loadPackage loads a package with basic configuration
 // It supports both local and third-party packages
 func (a *DefaultAnalyzer) loadPackage(pkgPath string) (*packages.Package, error) {
diff --git a/examples/validator/main.go b/examples/validator/main.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"path/filepath"
 
 	"github.com/iamlongalong/readgo"
 )
@@ -37,9 +38,10 @@ func InvalidFunction() {
 }`,
 	}
 
-	// Write test files
+	// Write test files with secure permissions
 	for name, content := range files {
-		if err := os.WriteFile(tmpDir+"/"+name, []byte(content), 0644); err != nil {
+		filePath := filepath.Join(tmpDir, name)
+		if err := os.WriteFile(filePath, []byte(content), 0600); err != nil {
 			log.Fatalf("Failed to write file %s: %v", name, err)
 		}
 	}
diff --git a/reader.go b/reader.go
@@ -29,8 +29,40 @@ func (r *DefaultReader) WithWorkDir(dir string) *DefaultReader {
 	return r
 }
 
+// validatePath checks if the path is safe to access
+func (r *DefaultReader) validatePath(path string) error {
+	if path == "" {
+		return fmt.Errorf("empty path")
+	}
+
+	// Convert to absolute path
+	absPath := path
+	if !filepath.IsAbs(path) {
+		absPath = filepath.Join(r.workDir, path)
+	}
+
+	// Clean the path
+	absPath = filepath.Clean(absPath)
+
+	// Check if the path is within workDir
+	workDirAbs, err := filepath.Abs(r.workDir)
+	if err != nil {
+		return fmt.Errorf("failed to get absolute path: %w", err)
+	}
+
+	if !strings.HasPrefix(absPath, workDirAbs) {
+		return fmt.Errorf("path is outside of working directory")
+	}
+
+	return nil
+}
+
 // GetFileTree returns the file tree starting from the given root
 func (r *DefaultReader) GetFileTree(ctx context.Context, root string, opts TreeOptions) (*FileTreeNode, error) {
+	if err := r.validatePath(root); err != nil {
+		return nil, fmt.Errorf("invalid root path: %w", err)
+	}
+
 	if root == "" {
 		root = "."
 	}
@@ -233,11 +265,15 @@ func (r *DefaultReader) SearchFiles(ctx context.Context, pattern string, opts Tr
 
 // ReadSourceFile reads a source file with the specified options
 func (r *DefaultReader) ReadSourceFile(ctx context.Context, path string, opts ReadOptions) ([]byte, error) {
-	if path == "" {
-		return nil, ErrInvalidInput
+	if err := r.validatePath(path); err != nil {
+		return nil, fmt.Errorf("invalid path: %w", err)
+	}
+
+	absPath := path
+	if !filepath.IsAbs(path) {
+		absPath = filepath.Join(r.workDir, path)
 	}
 
-	absPath := filepath.Join(r.workDir, path)
 	info, err := os.Stat(absPath)
 	if err != nil {
 		return nil, err

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ import (`
`5`	`5`	`"fmt"`
`6`	`6`	`"log"`
`7`	`7`	`"os"`
	`8`	`+ "path/filepath"`
`8`	`9`
`9`	`10`	`"github.com/iamlongalong/readgo"`
`10`	`11`	`)`
`@@ -37,9 +38,10 @@ func InvalidFunction() {`
`37`	`38`	}`,
`38`	`39`	`}`
`39`	`40`
`40`		`- // Write test files`
	`41`	`+ // Write test files with secure permissions`
`41`	`42`	`for name, content := range files {`
`42`		`- if err := os.WriteFile(tmpDir+"/"+name, []byte(content), 0644); err != nil {`
	`43`	`+ filePath := filepath.Join(tmpDir, name)`
	`44`	`+ if err := os.WriteFile(filePath, []byte(content), 0600); err != nil {`
`43`	`45`	`log.Fatalf("Failed to write file %s: %v", name, err)`
`44`	`46`	`}`
`45`	`47`	`}`