api: allow paths when writing files (#302)
This commit is contained in:
parent
968390d5b6
commit
5cd84ae816
|
@ -59,6 +59,13 @@ class Job {
|
||||||
|
|
||||||
for (const file of this.files) {
|
for (const file of this.files) {
|
||||||
let file_path = path.join(this.dir, file.name);
|
let file_path = path.join(this.dir, file.name);
|
||||||
|
const rel = path.relative(this.dir, file_path);
|
||||||
|
|
||||||
|
if(rel.startsWith(".."))
|
||||||
|
throw Error(`File path "${file.name}" tries to escape parent directory: ${rel}`)
|
||||||
|
|
||||||
|
await fs.mkdir(path.dirname(file_path), {recursive: true, mode: 0o700})
|
||||||
|
await fs.chown(path.dirname(file_path), this.uid, this.gid);
|
||||||
|
|
||||||
await fs.write_file(file_path, file.content);
|
await fs.write_file(file_path, file.content);
|
||||||
await fs.chown(file_path, this.uid, this.gid);
|
await fs.chown(file_path, this.uid, this.gid);
|
||||||
|
|
Loading…
Reference in New Issue