Skip to content
This repository has been archived by the owner on Nov 28, 2022. It is now read-only.

Commit

Permalink
prevent path traversal
Browse files Browse the repository at this point in the history 
Signed-off-by: Andrew Mak <[email protected]>
  • Loading branch information
@makandre @sghung
makandre authored and sghung committed Sep 23, 2019
1 parent b350507 commit 58b800d
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions utils/extensions.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,15 @@ func RunCommand(projectPath string, command ExtensionCommand) error {
return err
}
installerPath := filepath.Dir(cwd)
commandBin := filepath.Join(installerPath, command.Command)
commandName := filepath.Base(command.Command) // prevent path traversal
commandBin := filepath.Join(installerPath, commandName)
cmd := exec.Command(commandBin, command.Args...)
cmd.Dir = projectPath
output := new(bytes.Buffer)
cmd.Stdout = output
cmd.Stderr = output
if err := cmd.Start(); err != nil { // after 'Start' the program is continued and script is executing in background
log.Println("There was a problem running the command:", command.Command)
log.Println("There was a problem running the command:", commandName)
return err
}
log.Printf("Please wait while the project is initialized... %s", output.String())
Expand Down

0 comments on commit 58b800d

Please sign in to comment.