chore: allow unsafe path for provider by environment variable
This commit is contained in:
parent
6bdaadc581
commit
73f8da091e
3 changed files with 13 additions and 9 deletions
|
@ -67,7 +67,7 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide
|
|||
case "file":
|
||||
vehicle = resource.NewFileVehicle(path)
|
||||
case "http":
|
||||
if !C.Path.IsSubPath(path) {
|
||||
if !C.Path.IsSafePath(path) {
|
||||
return nil, fmt.Errorf("%w: %s", errSubPath, path)
|
||||
}
|
||||
vehicle = resource.NewHTTPVehicle(schema.URL, path)
|
||||
|
|
|
@ -20,14 +20,15 @@ var Path = func() *path {
|
|||
if err != nil {
|
||||
homeDir, _ = os.Getwd()
|
||||
}
|
||||
|
||||
allowUnsafePath := strings.TrimSpace(os.Getenv("SKIP_SAFE_PATH_CHECK")) == "1"
|
||||
homeDir = P.Join(homeDir, ".config", Name)
|
||||
return &path{homeDir: homeDir, configFile: "config.yaml"}
|
||||
return &path{homeDir: homeDir, configFile: "config.yaml", allowUnsafePath: allowUnsafePath}
|
||||
}()
|
||||
|
||||
type path struct {
|
||||
homeDir string
|
||||
configFile string
|
||||
homeDir string
|
||||
configFile string
|
||||
allowUnsafePath bool
|
||||
}
|
||||
|
||||
// SetHomeDir is used to set the configuration path
|
||||
|
@ -56,8 +57,11 @@ func (p *path) Resolve(path string) string {
|
|||
return path
|
||||
}
|
||||
|
||||
// IsSubPath return true if path is a subpath of homedir
|
||||
func (p *path) IsSubPath(path string) bool {
|
||||
// IsSafePath return true if path is a subpath of homedir
|
||||
func (p *path) IsSafePath(path string) bool {
|
||||
if p.allowUnsafePath {
|
||||
return true
|
||||
}
|
||||
homedir := p.HomeDir()
|
||||
path = p.Resolve(path)
|
||||
rel, err := filepath.Rel(homedir, path)
|
||||
|
|
|
@ -773,7 +773,7 @@ proxy-providers:
|
|||
type: http
|
||||
url: "url"
|
||||
interval: 3600
|
||||
path: ./provider1.yaml
|
||||
path: ./provider1.yaml # 默认只允许存储在 clash 的 Home Dir,如果想存储到任意位置,添加环境变量 SKIP_SAFE_PATH_CHECK=1
|
||||
health-check:
|
||||
enable: true
|
||||
interval: 600
|
||||
|
@ -790,7 +790,7 @@ rule-providers:
|
|||
rule1:
|
||||
behavior: classical # domain ipcidr
|
||||
interval: 259200
|
||||
path: /path/to/save/file.yaml
|
||||
path: /path/to/save/file.yaml # 默认只允许存储在 clash 的 Home Dir,如果想存储到任意位置,添加环境变量 SKIP_SAFE_PATH_CHECK=1
|
||||
type: http
|
||||
url: "url"
|
||||
rule2:
|
||||
|
|
Loading…
Reference in a new issue