Skip to content

Script filename from SasUri cannot contain / #9

Description

@ArchangelSDY

I have a script source SasUri like:

https://xxx.blob.windows.net/container/foo/bar.sh

According to:

fileName, blobPathError := getBlobPathAfterContainerName(blobURI, containerRef.Name)
if fileName == "" {
return "", errors.Wrapf(blobPathError, "cannot extract blob path name from URL: %q", blobURI)
}
blobref := containerRef.GetBlobReference(fileName)
reader, err := blobref.Get(nil)
if err != nil {
return "", errors.Wrapf(err, "unable to open storage blob: %q", blobURI)
}
scriptFilePath := filepath.Join(targetDir, fileName)
const mode = 0500 // scripts should have execute permissions
file, err := os.OpenFile(scriptFilePath, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, mode)
if err != nil {
return "", errors.Wrap(err, "failed to open file for writing: "+scriptFilePath)
}
defer file.Close()

fileName becomes foo/bar.sh. However, directory foo doesn't exist so the open below always fails.

Suggest using fixed file name like a GUID. Otherwise you have to deal with .. and / in paths which could cause a lot of security troubles.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions