Fix: Do not allow git dir to be exposed

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2020-12-16 17:12:17 +01:00
parent f2082d4928
commit 42749b2501
Signed by: luzifer
GPG key ID: 0066F03ED215AD7D
2 changed files with 13 additions and 0 deletions


@ -7,6 +7,7 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"sort" "sort"
"strings"
"sync" "sync"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -62,6 +63,11 @@ func (a *assetVersionStore) UpdateAssetHashes(dir string) error {
return nil return nil
} }
if strings.Contains(path, ".git/") {
// We shouldn't include .git dir in hashes
return nil
}
hash := sha256.New() hash := sha256.New()
f, err := os.Open(path) f, err := os.Open(path)
if err != nil { if err != nil {
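Review bot: The `strings.Contains(path, ".git/")` test in the second hunk is a substring match on the whole path, so it also skips files under any directory whose name merely ends in `.git` (a directory called `assets.git/`, say), and it never matches where the walk yields backslash separators. Comparing path components is more exact than a substring match. If the early `return nil` just above is the directory branch (not visible in this hunk), a check there such as `if info.IsDir() && info.Name() == ".git" { return filepath.SkipDir }` (assuming the callback's FileInfo parameter is named `info`) would also stop the walk from descending into the repository metadata at all. UpdateAssetHashes starts and ends outside the hunk.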


@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"os" "os"
"strings"
"time" "time"
"github.com/gofrs/uuid" "github.com/gofrs/uuid"
@ -73,6 +74,12 @@ func main() {
registerAPI(router) registerAPI(router)
router.PathPrefix("/public").HandlerFunc(func(w http.ResponseWriter, r *http.Request) { router.PathPrefix("/public").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.Contains(r.RequestURI, "/.git/") {
// Prevent git dir to be exposed
http.NotFound(w, r)
return
}
w.Header().Set("Cache-Control", "no-cache") w.Header().Set("Cache-Control", "no-cache")
assetServer.ServeHTTP(w, r) assetServer.ServeHTTP(w, r)
}) })
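Review bot: The guard in the `/public` handler tests `r.RequestURI`, the raw request target as the client sent it, while the asset server presumably resolves the decoded `r.URL.Path`; the two can differ, so the filter and the handler may not agree on which file is being requested. Matching the decoded path segment by segment is safer, e.g. `for _, seg := range strings.Split(r.URL.Path, "/") { if strings.EqualFold(seg, ".git") { http.NotFound(w, r); return } }`, which also covers a request for the directory itself and case-insensitive filesystems. A deny at the file-system layer (an `http.FileSystem` wrapper that refuses dot-directories), or keeping `.git` out of the served root, would not depend on URL parsing at all. main continues outside the hunk.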