luzifer/twitch-manager
1
0
Fork 0
mirror of https://github.com/Luzifer/twitch-manager.git synced 2024-09-19 10:52:57 +00:00
Code Issues Projects Releases Wiki Activity

Fix: Do not allow git dir to be exposed

Browse Source 
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2020-12-16 17:12:17 +01:00
parent f2082d4928
commit 42749b2501
Signed by: luzifer
GPG Key ID: 0066F03ED215AD7D
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
assets.go
View File

@ -7,6 +7,7 @@ import (
"os"
"path/filepath"
"sort"
"strings"
"sync"
"github.com/pkg/errors"
@ -62,6 +63,11 @@ func (a *assetVersionStore) UpdateAssetHashes(dir string) error {
return nil
}
if strings.Contains(path, ".git/") {
// We shouldn't include .git dir in hashes
return nil
}
hash := sha256.New()
f, err := os.Open(path)
if err != nil {

7
main.go
View File

@ -4,6 +4,7 @@ import (
"fmt"
"net/http"
"os"
"strings"
"time"
"github.com/gofrs/uuid"
@ -73,6 +74,12 @@ func main() {
registerAPI(router)
router.PathPrefix("/public").HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.Contains(r.RequestURI, "/.git/") {
// Prevent git dir to be exposed
http.NotFound(w, r)
return
}
w.Header().Set("Cache-Control", "no-cache")
assetServer.ServeHTTP(w, r)
})