Fix CVE-2021-27116 CVE-2021-27117

1. Adding O_NOFOLLOW flag to prevent symlink attacks These changes help protect against various security issues including: - Symlink attacks where attackers could trick the application into modifying unintended files - Privilege escalation through improper file permissions Signed-off-by: chengjingtao <jtcheng0616@gmail.com>
2025-03-11 18:57:45 +08:00
parent 5e9c913b47
commit 1f40a88b0c
8 changed files with 21 additions and 12 deletions
--- a/client/httplib/httplib.go
+++ b/client/httplib/httplib.go
@@ -44,6 +44,7 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"syscall"
 	"time"

 	"gopkg.in/yaml.v3"
@@ -615,7 +616,7 @@ func (b *BeegoHTTPRequest) ToFile(filename string) error {
 	if err != nil {
 		return err
 	}
-	f, err := os.Create(filename)
+	f, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|syscall.O_NOFOLLOW, 0600)
 	if err != nil {
 		return err
 	}