jiriks74/dztui
1
0
Fork 0
mirror of https://github.com/aclist/dztui.git synced 2025-03-14 16:33:00 +01:00
Code Issues Wiki Activity Actions

fix: symlink traversal

Browse source
This commit is contained in:
aclist 2025-01-09 23:20:18 +09:00
parent 79b0bae05d
commit 923bac8f76
2 changed files with 15 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
dzgui.sh
View file

@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -o pipefail set -o pipefail
version=5.7.0-beta.1 version=5.7.0-beta.2
#CONSTANTS #CONSTANTS
aid=221100 aid=221100
@ -76,6 +76,9 @@ set_im_module(){
return return
fi fi
} }
redact(){
sed 's@\(/home/\)\([^/]*\)\(.*\)@\1REDACTED\3@g'
}
logger(){ logger(){
local date="$(date "+%F %T,%3N")" local date="$(date "+%F %T,%3N")"
local tag="$1" local tag="$1"
@ -83,8 +86,8 @@ logger(){
local self="${BASH_SOURCE[0]}" local self="${BASH_SOURCE[0]}"
local caller="${FUNCNAME[1]}" local caller="${FUNCNAME[1]}"
local line="${BASH_LINENO[0]}" local line="${BASH_LINENO[0]}"
self="$(<<< "$self" sed 's@\(/[^/]*/\)\([^/]*\)\(.*\)@\1REDACTED\3@g')" printf "%s␞%s␞%s::%s()::%s␞%s\n" "$date" "$tag" "$self" "$caller" "$line" "$string" \
printf "%s␞%s␞%s::%s()::%s␞%s\n" "$date" "$tag" "$self" "$caller" "$line" "$string" >> "$debug_log" | redact >> "$debug_log"
} }
setup_dirs(){ setup_dirs(){
for dir in "$state_path" "$cache_path" "$share_path" "$helpers_path" "$freedesktop_path" "$config_path" "$log_path"; do for dir in "$state_path" "$cache_path" "$share_path" "$helpers_path" "$freedesktop_path" "$config_path" "$log_path"; do
@ -587,7 +590,7 @@ fetch_helpers_by_sum(){
["ui.py"]="d3ad9153d8599bea0eede9fd3121ee8e" ["ui.py"]="d3ad9153d8599bea0eede9fd3121ee8e"
["query_v2.py"]="55d339ba02512ac69de288eb3be41067" ["query_v2.py"]="55d339ba02512ac69de288eb3be41067"
["vdf2json.py"]="2f49f6f5d3af919bebaab2e9c220f397" ["vdf2json.py"]="2f49f6f5d3af919bebaab2e9c220f397"
["funcs"]="baa2c9c93edacb98384ae9f319e3b27f" ["funcs"]="3dc91b7effed4c9493ddba488fe8d9ff"
["lan"]="c62e84ddd1457b71a85ad21da662b9af" ["lan"]="c62e84ddd1457b71a85ad21da662b9af"
) )
local author="aclist" local author="aclist"
@ -937,7 +940,7 @@ initial_setup(){
watcher_deps watcher_deps
check_architecture check_architecture
test_connection test_connection
fetch_helpers > >(pdialog "Checking helper files") # fetch_helpers > >(pdialog "Checking helper files")
varcheck varcheck
source "$config_file" source "$config_file"
lock lock

11
helpers/funcs
View file

@ -735,6 +735,9 @@ dump_servers(){
logger INFO "Server context is '$subcontext', reading from file '$file'" logger INFO "Server context is '$subcontext', reading from file '$file'"
filter_servers "$file" "$@" filter_servers "$file" "$@"
} }
redact(){
sed 's@\(/home/\)\([^/]*\)\(.*\)@\1REDACTED\3@g'
}
logger(){ logger(){
local date="$(date "+%F %T,%3N")" local date="$(date "+%F %T,%3N")"
local tag="$1" local tag="$1"
@ -742,8 +745,8 @@ logger(){
local self="${BASH_SOURCE[0]}" local self="${BASH_SOURCE[0]}"
local caller="${FUNCNAME[1]}" local caller="${FUNCNAME[1]}"
local line="${BASH_LINENO[0]}" local line="${BASH_LINENO[0]}"
self="$(<<< "$self" sed 's@\(/[^/]*/\)\([^/]*\)\(.*\)@\1REDACTED\3@g')" printf "%s␞%s␞%s::%s()::%s␞%s\n" "$date" "$tag" "$self" "$caller" "$line" "$string" \
printf "%s␞%s␞%s::%s()::%s␞%s\n" "$date" "$tag" "$self" "$caller" "$line" "$string" >> "$debug_log" | redact >> "$debug_log"
} }
test_ping(){ test_ping(){
shift shift
@ -1243,8 +1246,8 @@ symlinks(){
done done
} }
readarray -t mods < <(find $workshop_dir -mindepth 1 -name meta.cpp | awk -F/ 'NF=NF-1{print $NF}') readarray -t mods < <(find "$workshop_dir" -mindepth 1 -name meta.cpp | awk -F/ 'NF=NF-1{print $NF}')
readarray -t links < <(find $game_dir -type l) readarray -t links < <(find "$game_dir" -maxdepth 1 -type l)
if [[ ${#mods[@]} -eq 0 ]]; then if [[ ${#mods[@]} -eq 0 ]]; then
logger INFO "No mods present, aborting" logger INFO "No mods present, aborting"