From 73f8da091e7a187e8275ae78112198e83ddef5d7 Mon Sep 17 00:00:00 2001 From: Skyxim Date: Sun, 11 Jun 2023 01:55:49 +0000 Subject: [PATCH] chore: allow unsafe path for provider by environment variable --- adapter/provider/parser.go | 2 +- constant/path.go | 16 ++++++++++------ docs/config.yaml | 4 ++-- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/adapter/provider/parser.go b/adapter/provider/parser.go index 07bef4e5..2281c89b 100644 --- a/adapter/provider/parser.go +++ b/adapter/provider/parser.go @@ -67,7 +67,7 @@ func ParseProxyProvider(name string, mapping map[string]any) (types.ProxyProvide case "file": vehicle = resource.NewFileVehicle(path) case "http": - if !C.Path.IsSubPath(path) { + if !C.Path.IsSafePath(path) { return nil, fmt.Errorf("%w: %s", errSubPath, path) } vehicle = resource.NewHTTPVehicle(schema.URL, path) diff --git a/constant/path.go b/constant/path.go index e724e6b4..a3124b24 100644 --- a/constant/path.go +++ b/constant/path.go @@ -20,14 +20,15 @@ var Path = func() *path { if err != nil { homeDir, _ = os.Getwd() } - + allowUnsafePath := strings.TrimSpace(os.Getenv("SKIP_SAFE_PATH_CHECK")) == "1" homeDir = P.Join(homeDir, ".config", Name) - return &path{homeDir: homeDir, configFile: "config.yaml"} + return &path{homeDir: homeDir, configFile: "config.yaml", allowUnsafePath: allowUnsafePath} }() type path struct { - homeDir string - configFile string + homeDir string + configFile string + allowUnsafePath bool } // SetHomeDir is used to set the configuration path @@ -56,8 +57,11 @@ func (p *path) Resolve(path string) string { return path } -// IsSubPath return true if path is a subpath of homedir -func (p *path) IsSubPath(path string) bool { +// IsSafePath return true if path is a subpath of homedir +func (p *path) IsSafePath(path string) bool { + if p.allowUnsafePath { + return true + } homedir := p.HomeDir() path = p.Resolve(path) rel, err := filepath.Rel(homedir, path) diff --git a/docs/config.yaml b/docs/config.yaml index 4239abcf..27c6a331 100644 --- a/docs/config.yaml +++ b/docs/config.yaml @@ -773,7 +773,7 @@ proxy-providers: type: http url: "url" interval: 3600 - path: ./provider1.yaml + path: ./provider1.yaml # 默认只允许存储在 clash 的 Home Dir,如果想存储到任意位置,添加环境变量 SKIP_SAFE_PATH_CHECK=1 health-check: enable: true interval: 600 @@ -790,7 +790,7 @@ rule-providers: rule1: behavior: classical # domain ipcidr interval: 259200 - path: /path/to/save/file.yaml + path: /path/to/save/file.yaml # 默认只允许存储在 clash 的 Home Dir,如果想存储到任意位置,添加环境变量 SKIP_SAFE_PATH_CHECK=1 type: http url: "url" rule2: