From bd1ade4d32a6326b1acb1b5afdbf1b261e72e1a8 Mon Sep 17 00:00:00 2001 From: Jacob Su Date: Tue, 29 Oct 2024 11:05:19 +0800 Subject: [PATCH] fix code scanning warning: uncontrolled data used in path expression. --- platform/srs-hooks.go | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/platform/srs-hooks.go b/platform/srs-hooks.go index 7001b648..d06a8899 100644 --- a/platform/srs-hooks.go +++ b/platform/srs-hooks.go @@ -730,15 +730,28 @@ func handleOnHls(ctx context.Context, handler *http.ServeMux) error { return errors.Errorf("invalid action=%v", msg.Action) } - if _, err := os.Stat(msg.File); err != nil { - logger.Tf(ctx, "invalid ts file %v", msg.File) + path, err := filepath.Abs(filepath.Clean(msg.File)) + if err != nil { + return errors.Errorf("invalid file path %v", msg.File) + } + logger.Tf(ctx, "ts file path: %v", path) + fileExtension := filepath.Ext(path) + switch fileExtension { + case ".ts", ".mp4", ".m4s": + break + default: + return errors.Errorf("invalid file extension %v", fileExtension) + } + + if _, err := os.Stat(path); err != nil { + logger.Tf(ctx, "invalid ts file %v", path) - if err := os.MkdirAll(filepath.Dir(msg.File), 0755); err != nil { - return errors.Wrapf(err, "failed to create ts file directory %v", filepath.Dir(msg.File)) + if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil { + return errors.Wrapf(err, "failed to create ts file directory %v", filepath.Dir(path)) } - if tsFile, err := os.Create(msg.File); err != nil { - return errors.Wrapf(err, "failed to create ts file %v", msg.File) + if tsFile, err := os.Create(path); err != nil { + return errors.Wrapf(err, "failed to create ts file %v", path) } else { tsUrl := "http://" + os.Getenv("SRS_HOST") + ":" + os.Getenv("SRS_HTTP_STREAM_PORT") + "/" + msg.URL logger.Tf(ctx, "download ts from %v", tsUrl)