server/beego
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed #5763,fixed #5760 : Add utils.securopen func to fix not syscall.O_NOFOLLOW on Windows (#5764)

Browse Source
This commit is contained in:
lengpucheng
2025-04-04 23:24:26 +08:00
committed by GitHub
parent 5fa33bc11b
commit 8b65fc75c4
5 changed files with 86 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
core/utils/secureopen.go Normal file
View File

@@ -0,0 +1,29 @@
// Copyright 2014 beego Author. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//go:build !windows
// +build !windows
package utils
import (
"os"
"syscall"
)
// OpenFileSecure Secure file opening function
// Automatically add O_NOFOLLOW on Unix systems
func OpenFileSecure(name string, flag int, perm os.FileMode) (*os.File, error) {
return os.OpenFile(name, flag|syscall.O_NOFOLLOW, perm)
}

47
core/utils/secureopen_windows.go Normal file
View File

@@ -0,0 +1,47 @@
// Copyright 2014 beego Author. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//go:build windows
// +build windows
package utils
import (
"os"
"syscall"
)
// OpenFileSecure Secure file opening function
// Check whether it is a symbolic connection in Windows
// NOTE: This check does not prevent TOCTOU vulnerability on Windows,
// due to lack of O_NOFOLLOW or equivalent low-level open options in Go stdlib.
func OpenFileSecure(name string, flag int, perm os.FileMode) (*os.File, error) {
// Check if it's a symbolic link
if fi, err := os.Lstat(name); err == nil {
if isSymlink(fi) {
return nil, &os.PathError{
Op: "open",
Path: name,
Err: syscall.ERROR_ACCESS_DENIED,
}
}
}
// Open the file in the normal way
return os.OpenFile(name, flag, perm)
}
// isSymlink Check if the file is a symbolic link
func isSymlink(fi os.FileInfo) bool {
return fi.Mode()&os.ModeSymlink != 0
}