From 09c719964b362fa358c705a7b7e24bb02a1259bb Mon Sep 17 00:00:00 2001
From: zhoupengcheng <zhoupengcheng11@huawei.com>
Date: Wed, 8 Nov 2023 12:32:43 +0800
Subject: [PATCH] 0001-define-fix-privilege-escalation.patch
---
modules/client/profile/profile_define.go | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/modules/client/profile/profile_define.go b/modules/client/profile/profile_define.go
index 87b3781..24e31d3 100644
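--- a/modules/client/profile/profile_define.go
+++ b/modules/client/profile/profile_define.go
@@ -19,6 +19,7 @@ import (
 SVC "gitee.com/openeuler/A-Tune/common/service"
 "gitee.com/openeuler/A-Tune/common/utils"
 "fmt"
+ "regexp"
 "io/ioutil"
 
 "github.com/go-ini/ini"
@@ -88,11 +89,22 @@ func profileDefined(ctx *cli.Context) error {
 if err := profileDefineCheck(ctx); err != nil {
 return err
 }
+
+
+ detectRule := `[./].*`
+ detectPathchar := regexp.MustCompile(detectRule)
+
 serviceType := ctx.Args().Get(0)
+ if detectPathchar.MatchString(serviceType) {
+ return fmt.Errorf("serviceType:%s cannot contain special path characters '/' or '.' ", serviceType)
+ }
 if !utils.IsInputStringValid(serviceType) {
 return fmt.Errorf("input:%s is invalid", serviceType)
 }
 applicationName := ctx.Args().Get(1)
+ if detectPathchar.MatchString(applicationName) {
+ return fmt.Errorf("applicationName:%s cannot contain special path characters '/' or '.' ", applicationName)
+ }
 if !utils.IsInputStringValid(applicationName) {
 return fmt.Errorf("input:%s is invalid", applicationName)
 }
@@ -100,7 +112,9 @@ func profileDefined(ctx *cli.Context) error {
 if !utils.IsInputStringValid(scenarioName) {
 return fmt.Errorf("input:%s is invalid", scenarioName)
 }
-
+ if detectPathchar.MatchString(scenarioName) {
+ return fmt.Errorf("scenarioName:%s cannot contain special path characters '/' or '.' ", scenarioName)
+ }
 data, err := ioutil.ReadFile(ctx.Args().Get(3))
 if err != nil {
 return err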
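Review bot: The three `detectPathchar` checks added to `profileDefined` live only in the CLI client (`modules/client/profile`), so a caller that reaches the service without this binary skips them. If the privilege escalation named in the subject comes from the service building a path out of serviceType, applicationName and scenarioName, the same rejection has to be enforced where that path is built, which this diff does not show. For `MatchString` the pattern `[./].*` is equivalent to `[./]`, and `strings.ContainsAny(serviceType, "./")` would express the rule without compiling a regexp on every call or importing `regexp`. The scenarioName check sits after `IsInputStringValid` while the other two sit before it, and the messages would be safer to read with `%q` and without the trailing space, e.g. `fmt.Errorf("scenarioName %q cannot contain '/' or '.'", scenarioName)`. The body of `profileDefined` continues outside the hunks, so how the names are used afterwards is not visible here.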
--
2.33.0