Fix config file security check access path
parent
74f8b48d27
commit
583a5a92de
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "wms-core",
|
"name": "wms-core",
|
||||||
"version": "0.16.0",
|
"version": "0.16.1",
|
||||||
"description": "Node web framework",
|
"description": "Node web framework",
|
||||||
"repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
|
"repository": "git@gitlab.com:ArisuOngaku/wms-core.git",
|
||||||
"author": "Alice Gaudon <alice@gaudon.pro>",
|
"author": "Alice Gaudon <alice@gaudon.pro>",
|
||||||
|
@ -13,6 +13,7 @@ import {ValidationBag} from "./db/Validator";
|
|||||||
import config from "config";
|
import config from "config";
|
||||||
import * as fs from "fs";
|
import * as fs from "fs";
|
||||||
import SecurityError from "./SecurityError";
|
import SecurityError from "./SecurityError";
|
||||||
|
import * as path from "path";
|
||||||
import TemplateError = lib.TemplateError;
|
import TemplateError = lib.TemplateError;
|
||||||
|
|
||||||
export default abstract class Application {
|
export default abstract class Application {
|
||||||
@ -180,12 +181,14 @@ export default abstract class Application {
|
|||||||
|
|
||||||
private async checkSecuritySettings(): Promise<void> {
|
private async checkSecuritySettings(): Promise<void> {
|
||||||
// Check config file permissions
|
// Check config file permissions
|
||||||
for (const file of fs.readdirSync('config')) {
|
const configDir = 'config';
|
||||||
const stats = fs.lstatSync(file);
|
for (const file of fs.readdirSync(configDir)) {
|
||||||
|
const fullPath = path.resolve(configDir, file);
|
||||||
|
const stats = fs.lstatSync(fullPath);
|
||||||
if (stats.uid !== process.getuid())
|
if (stats.uid !== process.getuid())
|
||||||
throw new SecurityError(file + ' is not owned by this process (' + process.getuid() + ').');
|
throw new SecurityError(fullPath + ' is not owned by this process (' + process.getuid() + ').');
|
||||||
if (stats.mode !== 400)
|
if (stats.mode !== 400)
|
||||||
throw new SecurityError(file + ' is not chmod 400.');
|
throw new SecurityError(fullPath + ' is not chmod 400.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check security fields
|
// Check security fields
|
||||||
|
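Review bot: The permission test `if (stats.mode !== 400)`, kept as context in the checkSecuritySettings hunk, compares the whole `fs.Stats.mode` value against decimal 400, but `mode` also carries the file-type bits and is normally read in octal, so a regular file set to chmod 400 reports 0o100400 and the comparison never matches. Now that `lstatSync(fullPath)` resolves to the real file, this line is reached and would throw SecurityError for every entry in `config`, including correctly locked-down ones. Mask the permission bits and compare in octal: `if ((stats.mode & 0o777) !== 0o400)`. Because `lstatSync` does not follow symlinks, a symlinked config file would be judged on the link's own owner and mode, so consider rejecting non-regular entries explicitly with `stats.isFile()`; this is worth confirming against how deployments lay out the directory. The method body continues past the end of the hunk.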