From 09c719964b362fa358c705a7b7e24bb02a1259bb Mon Sep 17 00:00:00 2001
From: zhoupengcheng
Date: Wed, 8 Nov 2023 12:32:43 +0800
Subject: [PATCH] 0001-define-fix-privilege-escalation.patch
---
 modules/client/profile/profile_define.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/modules/client/profile/profile_define.go b/modules/client/profile/profile_define.go
index 87b3781..24e31d3 100644
--- a/modules/client/profile/profile_define.go
+++ b/modules/client/profile/profile_define.go
@@ -19,6 +19,7 @@ import (
 SVC "gitee.com/openeuler/A-Tune/common/service"
 "gitee.com/openeuler/A-Tune/common/utils"
 "fmt"
+ "regexp"
 "io/ioutil"
 "github.com/go-ini/ini"
@@ -88,11 +89,22 @@ func profileDefined(ctx *cli.Context) error {
 if err := profileDefineCheck(ctx); err != nil {
 return err
 }
+
+
+ detectRule := `[./].*`
+ detectPathchar := regexp.MustCompile(detectRule)
+
 serviceType := ctx.Args().Get(0)
+ if detectPathchar.MatchString(serviceType) {
+ return fmt.Errorf("serviceType:%s cannot contain special path characters '/' or '.' ", serviceType)
+ }
 if !utils.IsInputStringValid(serviceType) {
 return fmt.Errorf("input:%s is invalid", serviceType)
 }
 applicationName := ctx.Args().Get(1)
+ if detectPathchar.MatchString(applicationName) {
+ return fmt.Errorf("applicationName:%s cannot contain special path characters '/' or '.' ", applicationName)
+ }
 if !utils.IsInputStringValid(applicationName) {
 return fmt.Errorf("input:%s is invalid", applicationName)
 }
@@ -100,7 +112,9 @@ func profileDefined(ctx *cli.Context) error {
 if !utils.IsInputStringValid(scenarioName) {
 return fmt.Errorf("input:%s is invalid", scenarioName)
 }
-
+ if detectPathchar.MatchString(scenarioName) {
+ return fmt.Errorf("scenarioName:%s cannot contain special path characters '/' or '.' ", scenarioName)
+ }
 data, err := ioutil.ReadFile(ctx.Args().Get(3))
 if err != nil {
 return err
-- 
2.33.0
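Review bot: The '/' and '.' rejection added to `profileDefined` is enforced only in the CLI client (`modules/client/profile/profile_define.go`), so it constrains the daemon's input only when a request arrives through this binary. If the service side builds a profile path from serviceType, applicationName and scenarioName (not visible in this patch, so inferred from the subject line), the same rejection has to exist in the server handler, ideally together with a check that the resolved path stays under the profile directory. At minimum I would record the limitation above `detectRule` with `// Client-side check only; the daemon must validate these names again before building a path.`. The body of profileDefined starts before this hunk and continues in the next one.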
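Review bot: The scenarioName check is placed after `utils.IsInputStringValid`, whereas the serviceType and applicationName checks in the previous hunk come before it, so the same kind of bad input produces a different error depending on the argument; moving it above the `IsInputStringValid` call keeps the three consistent. The pattern `[./].*` is unanchored and `MatchString` already reports a match anywhere in the string, so the trailing `.*` does nothing; `if strings.ContainsAny(scenarioName, "./") {` states the rule directly and removes the per-call `regexp.MustCompile` and the new `regexp` import (it needs `strings` in the import block if that is not already there). The three error messages also end in a stray space before the closing quote. The function continues past the end of this hunk.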