Fix config file security check access path

Alice Gaudon 2020-07-15 15:22:04 +02:00
parent 74f8b48d27
commit 583a5a92de
2 changed files with 8 additions and 5 deletions


@ -1,6 +1,6 @@
{ {
"name": "wms-core", "name": "wms-core",
"version": "0.16.0", "version": "0.16.1",
"description": "Node web framework", "description": "Node web framework",
"repository": "git@gitlab.com:ArisuOngaku/wms-core.git", "repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
"author": "Alice Gaudon <alice@gaudon.pro>", "author": "Alice Gaudon <alice@gaudon.pro>",


@ -13,6 +13,7 @@ import {ValidationBag} from "./db/Validator";
import config from "config"; import config from "config";
import * as fs from "fs"; import * as fs from "fs";
import SecurityError from "./SecurityError"; import SecurityError from "./SecurityError";
import * as path from "path";
import TemplateError = lib.TemplateError; import TemplateError = lib.TemplateError;
export default abstract class Application { export default abstract class Application {
@ -180,12 +181,14 @@ export default abstract class Application {
private async checkSecuritySettings(): Promise<void> { private async checkSecuritySettings(): Promise<void> {
// Check config file permissions // Check config file permissions
for (const file of fs.readdirSync('config')) { const configDir = 'config';
const stats = fs.lstatSync(file); for (const file of fs.readdirSync(configDir)) {
const fullPath = path.resolve(configDir, file);
const stats = fs.lstatSync(fullPath);
if (stats.uid !== process.getuid()) if (stats.uid !== process.getuid())
throw new SecurityError(file + ' is not owned by this process (' + process.getuid() + ').'); throw new SecurityError(fullPath + ' is not owned by this process (' + process.getuid() + ').');
if (stats.mode !== 400) if (stats.mode !== 400)
throw new SecurityError(file + ' is not chmod 400.'); throw new SecurityError(fullPath + ' is not chmod 400.');
} }
// Check security fields // Check security fields
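Review bot: The permission test `if (stats.mode !== 400)` kept on the new side can never be satisfied, so now that `lstatSync` receives a resolvable path, every file in `config` owned by the process will raise `SecurityError`. `stats.mode` carries the file-type bits as well as the permission bits, and `400` is a decimal literal rather than octal; compare only the permission bits, e.g. `if ((stats.mode & 0o777) !== 0o400)`. Because `lstatSync` does not follow symlinks, a symlinked config file is judged by the link's own owner and mode rather than the target's, so consider rejecting symlinks with `stats.isSymbolicLink()` or checking the resolved target. `checkSecuritySettings` continues past the end of this hunk, so the field checks that follow are not covered here.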