linting
This commit is contained in:
Stephan D
@@ -2,6 +2,7 @@ package docstore
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
@@ -36,8 +37,12 @@ func (s *LocalStore) Save(ctx context.Context, key string, data []byte) error {
|
||||
return err
|
||||
}
|
||||
|
||||
path := filepath.Join(s.rootPath, filepath.Clean(key))
|
||||
if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
|
||||
path, err := resolveStoragePath(s.rootPath, key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := os.MkdirAll(filepath.Dir(path), 0o750); err != nil {
|
||||
s.logger.Warn("Failed to create document directory", zap.Error(err), zap.String("path", path))
|
||||
|
||||
return err
|
||||
@@ -56,8 +61,12 @@ func (s *LocalStore) Load(ctx context.Context, key string) ([]byte, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
path := filepath.Join(s.rootPath, filepath.Clean(key))
|
||||
path, err := resolveStoragePath(s.rootPath, key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
//nolint:gosec // path is constrained by resolveStoragePath to stay within configured root.
|
||||
data, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
s.logger.Warn("Failed to read document file", zap.Error(err), zap.String("path", path))
|
||||
@@ -69,3 +78,32 @@ func (s *LocalStore) Load(ctx context.Context, key string) ([]byte, error) {
|
||||
}
|
||||
|
||||
var _ Store = (*LocalStore)(nil)
|
||||
|
||||
func resolveStoragePath(rootPath string, key string) (string, error) {
|
||||
cleanKey := filepath.Clean(strings.TrimSpace(key))
|
||||
if cleanKey == "" || cleanKey == "." {
|
||||
return "", merrors.InvalidArgument("docstore: key is required")
|
||||
}
|
||||
|
||||
if filepath.IsAbs(cleanKey) {
|
||||
return "", merrors.InvalidArgument("docstore: absolute keys are not allowed")
|
||||
}
|
||||
|
||||
rootAbs, err := filepath.Abs(rootPath)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("resolve local store root: %w", err)
|
||||
}
|
||||
|
||||
path := filepath.Join(rootAbs, cleanKey)
|
||||
pathAbs, err := filepath.Abs(path)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("resolve local store path: %w", err)
|
||||
}
|
||||
|
||||
prefix := rootAbs + string(filepath.Separator)
|
||||
if pathAbs != rootAbs && !strings.HasPrefix(pathAbs, prefix) {
|
||||
return "", merrors.InvalidArgument("docstore: key escapes root path")
|
||||
}
|
||||
|
||||
return pathAbs, nil
|
||||
}
|
||||
|
||||
@@ -124,7 +124,11 @@ func (s *S3Store) Load(ctx context.Context, key string) ([]byte, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
defer obj.Body.Close()
|
||||
defer func() {
|
||||
if closeErr := obj.Body.Close(); closeErr != nil {
|
||||
s.logger.Warn("Failed to close document body", zap.Error(closeErr), zap.String("key", key))
|
||||
}
|
||||
}()
|
||||
|
||||
return io.ReadAll(obj.Body)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user