Commit 41f94ea
committed
fix(logs): contain server-name-derived log path within log dir
CodeQL go/path-injection flagged the daemon log reader
(internal/server/server.go) where a user-controlled server name flows into
the log file path. logs.ServerLogFilename already sanitizes the name to a
single path element, so the flow is safe, but CodeQL does not recognize the
strings.Map char-whitelist as a barrier. Add an explicit filepath.Clean +
prefix containment guard at both log-read sites (daemon reader and the
no-daemon CLI reader, which feeds tail) so the resolved path can never escape
the log directory. Defense-in-depth + clears the alert without weakening any
check. Valid namespaced names (io.github.owner/repo) are unaffected — their
sanitized filename stays a single element under logDir.
Related #6041 parent bd9a8d5 commit 41f94ea
2 files changed
Lines changed: 15 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
774 | 774 | | |
775 | 775 | | |
776 | 776 | | |
| 777 | + | |
| 778 | + | |
| 779 | + | |
| 780 | + | |
| 781 | + | |
| 782 | + | |
| 783 | + | |
| 784 | + | |
777 | 785 | | |
778 | 786 | | |
779 | 787 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2284 | 2284 | | |
2285 | 2285 | | |
2286 | 2286 | | |
| 2287 | + | |
| 2288 | + | |
| 2289 | + | |
| 2290 | + | |
| 2291 | + | |
| 2292 | + | |
| 2293 | + | |
2287 | 2294 | | |
2288 | 2295 | | |
2289 | 2296 | | |
| |||
0 commit comments