andre/mihomo
1
0
Fork 0
mirror of https://github.com/MetaCubeX/mihomo.git synced 2026-03-06 22:29:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: the updateConfigs api also adds a check for SAFE_PATHS

Browse Source
This commit is contained in:
wwqgtxx
2025-05-12 11:24:56 +08:00
parent a4fcd3af07
commit 2116640886
8 changed files with 43 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
rules/provider/parse.go
View File

@@ -1,7 +1,6 @@
package provider
import (
"errors"
"fmt"
"time"
@@ -12,10 +11,6 @@ import (
"github.com/metacubex/mihomo/rules/common"
)
var (
errSubPath = errors.New("path is not subpath of home directory")
)
type ruleProviderSchema struct {
Type string `provider:"type"`
Behavior string `provider:"behavior"`
@@ -53,7 +48,7 @@ func ParseRuleProvider(name string, mapping map[string]any, parse common.ParseRu
if schema.Path != "" {
path = C.Path.Resolve(schema.Path)
if !C.Path.IsSafePath(path) {
return nil, fmt.Errorf("%w: %s", errSubPath, path)
return nil, C.Path.ErrNotSafePath(path)
}
}
vehicle = resource.NewHTTPVehicle(schema.URL, path, schema.Proxy, nil, resource.DefaultHttpTimeout, schema.SizeLimit)