fix: Gosec/sec fixes (#2004)

* Customization of the initialization file * fix: G601 (CWE-118): Implicit memory aliasing in for loop * fix: G304 (CWE-22): Potential file inclusion via variable * fix: G110 (CWE-409): Potential DoS vulnerability via decompression bomb
2025-07-01 10:00:19 +08:00 · 2023-06-21 13:55:20 +03:00
parent d505a4bf2d
commit 6ebca6dbe7
11 changed files with 25 additions and 9 deletions
--- a/util/string.go
+++ b/util/string.go
@ -22,6 +22,7 @@ import (
 	"fmt"
 	"math/rand"
 	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
@ -201,7 +202,7 @@ func GetMinLenStr(strs ...string) string {
 }

 func ReadStringFromPath(path string) string {
-	data, err := os.ReadFile(path)
+	data, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		panic(err)
 	}
--- a/util/system.go
+++ b/util/system.go
@ -18,6 +18,7 @@ import (
 	"bufio"
 	"os"
 	"path"
+	"path/filepath"
 	"regexp"
 	"runtime"
 	"strconv"
@ -155,7 +156,7 @@ func GetVersionInfoFromFile() (*VersionInfo, error) {

 	_, filename, _, _ := runtime.Caller(0)
 	rootPath := path.Dir(path.Dir(filename))
-	file, err := os.Open(path.Join(rootPath, "version_info.txt"))
+	file, err := os.Open(filepath.Clean(path.Join(rootPath, "version_info.txt")))
 	if err != nil {
 		return res, err
 	}