
[Fix] code scanning alert uncontrolled data used in path expression (#23
)

* fix: add missing return

* fix: implement filter for filename
kevinanielsen authored Dec 18, 2023
1 parent 273e2b0 commit 01a1fd0
Showing 2 changed files with 14 additions and 6 deletions.
1 change: 1 addition & 0 deletions util/handlers/docs/handleDocsUpload.go
Expand Up @@ -63,6 +63,7 @@ func HandleDocsUpload(c *gin.Context) {

if err != nil {
c.String(http.StatusBadRequest, err.Error())
return
}

if !alreadyExists {
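Review bot: The error branch now returns correctly, but `c.String(http.StatusBadRequest, err.Error())` still echoes the raw error text to the client, and since `err` is produced above this hunk I cannot tell whether it comes from user validation or from a storage/database layer; if the latter, it may disclose internal details (driver messages, paths). Prefer a fixed client-facing message and log the detail server-side: `c.String(http.StatusBadRequest, "invalid upload")`. Given the sibling image handler in this commit only now filters the upload filename before building a path, it is worth confirming that HandleDocsUpload applies the same `util.FilterFilename` check to any name it writes to disk — that code is outside this hunk, so this is an inference. The enclosing function starts and ends outside the hunk.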
19 changes: 13 additions & 6 deletions util/handlers/image/handleImageUpload.go
Expand Up @@ -50,27 +50,34 @@ func HandleImageUpload(c *gin.Context) {

fileHashBuffer := md5.Sum(fileBuffer)

var fileName string
var filename string

if newName == "" {

fileName = fileHeader.Filename
filename = fileHeader.Filename
} else {
fileName = newName + filepath.Ext(fileHeader.Filename)
filename = newName + filepath.Ext(fileHeader.Filename)
}

savedFileName, alreadyExists := database.AddImage(fileName, fileHashBuffer[:])
savedFilename, alreadyExists := database.AddImage(filename, fileHashBuffer[:])

filteredFilename, err := util.FilterFilename(filename)

if err != nil {
c.String(http.StatusBadRequest, err.Error())
return
}

if !alreadyExists {
err = c.SaveUploadedFile(fileHeader, util.ExPath+"/uploads/images/"+fileName)
err = c.SaveUploadedFile(fileHeader, util.ExPath+"/uploads/images/"+filteredFilename)
if err != nil {
c.String(http.StatusInternalServerError, "Failed to save file: %s", err.Error())
return
}
}

body := gin.H{
"file_url": c.Request.Host + "/download/images/" + savedFileName,
"file_url": c.Request.Host + "/download/images/" + savedFilename,
}

c.JSON(http.StatusOK, body)
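Review bot: `database.AddImage(filename, fileHashBuffer[:])` is still called with the unfiltered name before `util.FilterFilename` runs, so a name the filter rejects may already have produced a database record (depending on what AddImage does on insert), and when the filter rewrites the name the record and the returned `savedFilename` used in `file_url` can no longer match the file actually written under `filteredFilename`. The filter should run first and its result should be what AddImage receives, so the stored name, the disk path and the download URL agree. Separately, the destination is still built by string concatenation; `filepath.Join` plus a check that the joined path's directory is the upload directory gives a second line of defence if the filter ever misses a traversal or separator case, since FilterFilename's exact rules are not visible here. The enclosing function starts and ends outside the hunk.
```go
filteredFilename, err := util.FilterFilename(filename)
if err != nil {
	c.String(http.StatusBadRequest, err.Error())
	return
}
// Validate before touching the database so a rejected name leaves no record behind
// and the stored name matches the file written to disk.
savedFilename, alreadyExists := database.AddImage(filteredFilename, fileHashBuffer[:])

if !alreadyExists {
	uploadDir := filepath.Join(util.ExPath, "uploads", "images")
	dest := filepath.Join(uploadDir, filteredFilename)
	// Defence in depth: the filter is the primary control, but refuse anything
	// that still resolves outside the upload directory (e.g. ".." or nested paths).
	if filepath.Dir(dest) != uploadDir {
		c.String(http.StatusBadRequest, "invalid filename")
		return
	}
	err = c.SaveUploadedFile(fileHeader, dest)
	// … unchanged: save error handling …
}
```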
