author | Chris <ccbrown112@gmail.com> | 2017-09-11 10:02:02 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-11 10:02:02 -0500 |
commit | 402491b7e52c4d836c1274976cdb387852cfd17b (patch) | |
tree | e8adcbdf0af5370f8af11e3fc1021a328c971a5d /plugin/rpcplugin/supervisor.go | |
parent | a69bed712d53e9a7984915fffffc8a2fd1647a7a (diff) | |
PLT-7407: Back-end plugins (#7409)
* tie back-end plugins together
* fix comment typo
* add tests and a bit of polish
* tests and polish
* add test, don't let backend executable paths escape the plugin directory
Diffstat (limited to 'plugin/rpcplugin/supervisor.go')
-rw-r--r-- | plugin/rpcplugin/supervisor.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/plugin/rpcplugin/supervisor.go b/plugin/rpcplugin/supervisor.go
index 6a00d0468..7e37e2851 100644
--- a/plugin/rpcplugin/supervisor.go
+++ b/plugin/rpcplugin/supervisor.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 "path/filepath"
+ "strings"
 "sync/atomic"
 "time"
@@ -123,7 +124,11 @@ func SupervisorProvider(bundle *model.BundleInfo) (plugin.Supervisor, error) {
 } else if bundle.Manifest.Backend == nil || bundle.Manifest.Backend.Executable == "" {
 return nil, fmt.Errorf("no backend executable specified")
 }
+ executable := filepath.Clean(filepath.Join(".", bundle.Manifest.Backend.Executable))
+ if strings.HasPrefix(executable, "..") {
+ return nil, fmt.Errorf("invalid backend executable")
+ }
 return &Supervisor{
- executable: filepath.Join(bundle.Path, bundle.Manifest.Backend.Executable),
+ executable: filepath.Join(bundle.Path, executable),
 }, nil
 } |
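Review bot: The guard `strings.HasPrefix(executable, "..")` in SupervisorProvider is a purely lexical test that is slightly too broad and says nothing about symlinks: it rejects a legitimate relative path whose first component merely begins with two dots (a constructed example is `..tools/server`), and it cannot tell whether a path that stays inside the bundle lexically resolves outside `bundle.Path` through a symlink shipped in the plugin archive (whether extraction permits symlinks is not visible in this hunk). Matching the parent component exactly is tighter: `if executable == ".." || strings.HasPrefix(executable, ".."+string(filepath.Separator)) {`. `filepath.Join` already cleans its result, so the outer `filepath.Clean` is redundant, and a comment such as `// Reject manifests whose executable would resolve outside the plugin directory.` above the check would record why the path is first rebuilt relative to ".". The function body begins above the hunk, so any earlier validation of the manifest is not shown here.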