Fix config file security check access path
parent
74f8b48d27
commit
583a5a92de
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "wms-core",
|
||||
"version": "0.16.0",
|
||||
"version": "0.16.1",
|
||||
"description": "Node web framework",
|
||||
"repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
|
||||
"author": "Alice Gaudon <alice@gaudon.pro>",
|
||||
|
@ -13,6 +13,7 @@ import {ValidationBag} from "./db/Validator";
|
||||
import config from "config";
|
||||
import * as fs from "fs";
|
||||
import SecurityError from "./SecurityError";
|
||||
import * as path from "path";
|
||||
import TemplateError = lib.TemplateError;
|
||||
|
||||
export default abstract class Application {
|
||||
@ -180,12 +181,14 @@ export default abstract class Application {
|
||||
|
||||
private async checkSecuritySettings(): Promise<void> {
|
||||
// Check config file permissions
|
||||
for (const file of fs.readdirSync('config')) {
|
||||
const stats = fs.lstatSync(file);
|
||||
const configDir = 'config';
|
||||
for (const file of fs.readdirSync(configDir)) {
|
||||
const fullPath = path.resolve(configDir, file);
|
||||
const stats = fs.lstatSync(fullPath);
|
||||
if (stats.uid !== process.getuid())
|
||||
throw new SecurityError(file + ' is not owned by this process (' + process.getuid() + ').');
|
||||
throw new SecurityError(fullPath + ' is not owned by this process (' + process.getuid() + ').');
|
||||
if (stats.mode !== 400)
|
||||
throw new SecurityError(file + ' is not chmod 400.');
|
||||
throw new SecurityError(fullPath + ' is not chmod 400.');
|
||||
}
|
||||
|
||||
// Check security fields
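Review bot: The unchanged `if (stats.mode !== 400)` test in the loop will now throw for every entry, because `lstatSync` finally receives a resolvable path. `stats.mode` is a bit field that also carries the file-type bits, and `400` is a decimal literal, so a regular file that really is chmod 400 reports 33024 (0o100400) and is still rejected. Mask the permission bits and compare in octal: `if ((stats.mode & 0o777) !== 0o400)`. Since `lstatSync` does not follow symlinks, a link inside `config` is judged on the link's own owner and mode rather than its target's, and subdirectories get the same file check, so consider rejecting any entry where `stats.isFile()` is false. `checkSecuritySettings` continues past the end of this hunk.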
|
||||
|