mirror of
https://github.com/yggdrasil-network/yggdrasil-go.git
synced 2025-08-24 07:55:06 +03:00
Remove safe file operation wrappers from configuration handling to streamline code. Update SECURITY.md to reflect the removal of these functions and adjust the section numbering accordingly.
parent
443f9d0afd
commit
2180e12b73
2 changed files with 2 additions and 37 deletions
|
@ -34,22 +34,14 @@ Multiple layers of protection:
|
|||
|
||||
## Additional Security Measures
|
||||
|
||||
### 4. Safe File Operation Wrappers
|
||||
|
||||
Additional wrapper functions provide extra safety:
|
||||
|
||||
- `safeReadFile()` - Validates paths before reading
|
||||
- `safeWriteFile()` - Validates paths before writing
|
||||
- `safeStat()` - Validates paths before stat operations
|
||||
|
||||
### 5. System Directory Protection
|
||||
### 4. System Directory Protection
|
||||
|
||||
Restricted access to sensitive system directories:
|
||||
- Blocks access to `/etc/` (except `/etc/yggdrasil/`)
|
||||
- Blocks access to `/root/`, `/var/` (except `/var/lib/yggdrasil/`)
|
||||
- Blocks access to `/sys/`, `/proc/`, `/dev/`
|
||||
|
||||
### 6. Path Depth Limiting
|
||||
### 5. Path Depth Limiting
|
||||
|
||||
Maximum path depth of 10 levels to prevent deeply nested attacks.
|
||||
|
||||
|
|
|
@ -370,33 +370,6 @@ func validateConfigPath(path string) (string, error) {
|
|||
return absPath, nil
|
||||
}
|
||||
|
||||
// safeReadFile safely reads a file after validating the path
|
||||
func safeReadFile(path string) ([]byte, error) {
|
||||
validatedPath, err := validateConfigPath(path)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid file path: %v", err)
|
||||
}
|
||||
return os.ReadFile(validatedPath)
|
||||
}
|
||||
|
||||
// safeWriteFile safely writes a file after validating the path
|
||||
func safeWriteFile(path string, data []byte, perm os.FileMode) error {
|
||||
validatedPath, err := validateConfigPath(path)
|
||||
if err != nil {
|
||||
return fmt.Errorf("invalid file path: %v", err)
|
||||
}
|
||||
return os.WriteFile(validatedPath, data, perm)
|
||||
}
|
||||
|
||||
// safeStat safely stats a file after validating the path
|
||||
func safeStat(path string) (os.FileInfo, error) {
|
||||
validatedPath, err := validateConfigPath(path)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid file path: %v", err)
|
||||
}
|
||||
return os.Stat(validatedPath)
|
||||
}
|
||||
|
||||
// SetCurrentConfig sets the current configuration data and path
|
||||
func SetCurrentConfig(path string, cfg *NodeConfig) {
|
||||
// Validate the path before setting it
|
||||
|
|