fix: fix the delete file vulnerability issue (#1174)

2025-05-23 10:45:47 +08:00 · 2022-10-01 00:33:27 +08:00 · 2022-10-01 00:33:27 +08:00 · 645c631db9
commit 645c631db9
parent 3128e68df4
1 changed files with 5 additions and 0 deletions
--- a/object/storage.go
+++ b/object/storage.go
@ -127,6 +127,11 @@ func UploadFileSafe(provider *Provider, fullFilePath string, fileBuffer *bytes.B
 }
 func DeleteFile(provider *Provider, objectKey string) error {
 	// check fullFilePath is there security issue
 	if strings.Contains(objectKey, "..") {
 		return fmt.Errorf("the objectKey: %s is not allowed", objectKey)
 	}
 	endpoint := getProviderEndpoint(provider)
 	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
 	if storageProvider == nil {