41 lines
1.3 KiB
Rust
41 lines
1.3 KiB
Rust
|
use homedisk_types::errors::{FsError, ServerError};
|
||
|
|
|
||
|
|
/// Validate path param provided in the request
|
||
|
|
pub fn validate_path(path: &str) -> Result<(), ServerError> {
|
||
|
|
// `path` can't contain `..`
|
||
|
|
// to prevent attack attempts because by using a `..` you can access the previous folder
|
||
|
|
if path.contains("..") {
|
||
|
|
return Err(ServerError::FsError(FsError::ReadDirectory(
|
||
|
|
"the `path` can't contain `..`".to_string(),
|
||
|
|
)));
|
||
|
|
}
|
||
|
|
|
||
|
|
// `path` can't contain `~`
|
||
|
|
// to prevent attack attempts because `~` can get up a directory on `$HOME`
|
||
|
|
if path.contains('~') {
|
||
|
|
return Err(ServerError::FsError(FsError::ReadDirectory(
|
||
|
|
"the `path` can't not contain `~`".to_string(),
|
||
|
|
)));
|
||
|
|
}
|
||
|
|
|
||
|
|
Ok(())
|
||
|
|
}
|
||
|
|
|
||
|
|
#[cfg(test)]
|
||
|
|
mod tests {
|
||
|
|
use super::*;
|
||
|
|
|
||
|
|
#[test]
|
||
|
|
fn test_validate_path() {
|
||
|
|
// Successfully
|
||
|
|
assert!(validate_path("Directory/path/to/test.png").is_ok());
|
||
|
|
assert!(validate_path("/test.png").is_ok()); // `/` doesn't point to the system root
|
||
|
|
assert!(validate_path("./test.png").is_ok());
|
||
|
|
|
||
|
|
// Errors
|
||
|
|
assert!(validate_path("../../test.png").is_err());
|
||
|
|
assert!(validate_path("../test.png").is_err());
|
||
|
|
assert!(validate_path("~/test.png").is_err());
|
||
|
|
}
|
||
|
|
}
|