mirror of
https://github.com/mudler/LocalAI.git
synced 2024-06-07 19:40:48 +00:00
d072835796
* adds a new configuration option to hide all error message information from http requests --------- Signed-off-by: Dave Lee <dave@gray101.com>
41 lines
1.0 KiB
Go
41 lines
1.0 KiB
Go
package utils
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
)
|
|
|
|
func ExistsInPath(path string, s string) bool {
|
|
_, err := os.Stat(filepath.Join(path, s))
|
|
return err == nil
|
|
}
|
|
|
|
func InTrustedRoot(path string, trustedRoot string) error {
|
|
for path != "/" {
|
|
path = filepath.Dir(path)
|
|
if path == trustedRoot {
|
|
return nil
|
|
}
|
|
}
|
|
return fmt.Errorf("path is outside of trusted root")
|
|
}
|
|
|
|
// VerifyPath verifies that path is based in basePath.
|
|
func VerifyPath(path, basePath string) error {
|
|
c := filepath.Clean(filepath.Join(basePath, path))
|
|
return InTrustedRoot(c, filepath.Clean(basePath))
|
|
}
|
|
|
|
// SanitizeFileName sanitizes the given filename
|
|
func SanitizeFileName(fileName string) string {
|
|
// filepath.Clean to clean the path
|
|
cleanName := filepath.Clean(fileName)
|
|
// filepath.Base to ensure we only get the final element, not any directory path
|
|
baseName := filepath.Base(cleanName)
|
|
// Replace any remaining tricky characters that might have survived cleaning
|
|
safeName := strings.ReplaceAll(baseName, "..", "")
|
|
return safeName
|
|
}
|