Fix config file security check access path

package.json

@@ -1,6 +1,6 @@
 {
   "name": "wms-core",
-  "version": "0.16.0",
+  "version": "0.16.1",
   "description": "Node web framework",
   "repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
   "author": "Alice Gaudon <alice@gaudon.pro>",

src/Application.ts

@@ -13,6 +13,7 @@ import {ValidationBag} from "./db/Validator";
 import config from "config";
 import * as fs from "fs";
 import SecurityError from "./SecurityError";
+import * as path from "path";
 import TemplateError = lib.TemplateError;
 
 export default abstract class Application {
@@ -180,12 +181,14 @@ export default abstract class Application {
 
     private async checkSecuritySettings(): Promise<void> {
         // Check config file permissions
-        for (const file of fs.readdirSync('config')) {
+        const configDir = 'config';
-            const stats = fs.lstatSync(file);
+        for (const file of fs.readdirSync(configDir)) {
+            const fullPath = path.resolve(configDir, file);
+            const stats = fs.lstatSync(fullPath);
             if (stats.uid !== process.getuid())
-                throw new SecurityError(file + ' is not owned by this process (' + process.getuid() + ').');
+                throw new SecurityError(fullPath + ' is not owned by this process (' + process.getuid() + ').');
             if (stats.mode !== 400)
-                throw new SecurityError(file + ' is not chmod 400.');
+                throw new SecurityError(fullPath + ' is not chmod 400.');
         }
 
         // Check security fields