fix: bug with the update tool and paths not being correct. Changed to abs path checks

Slug-Boi
2025-01-14 14:40:31 +01:00
parent 667c25b162
commit 1ea3d94421
+26 -6
@@ -30,6 +30,17 @@ var updateCmd = &cobra.Command{
Long: `This command will try to update the cocommit cli tool by either running the update script or by running the go get Command if the -g flag is set.`,
Run: func(cmd *cobra.Command, args []string) {
gflag, _ := cmd.Flags().GetBool("go-get")
cflag, _ := cmd.Flags().GetBool("check")
if cflag {
fmt.Println("Checking if Cocommit is up to date")
if update {
update_msg()
} else {
fmt.Println("Cocommit is up to date")
}
os.Exit(0)
}
// check version of the cli tool
Github, err := http.Get("https://api.github.com/repos/Slug-Boi/cocommit/releases/latest")
@@ -137,12 +148,12 @@ func updateScript() {
}
err = unzipper("./", r)
if err != nil {
fmt.Println("Error unzipping file")
panic("Error unzipping file - " + err.Error())
}
swapper(exec_path)
fmt.Println("Cocommit cli tool updated successfully")
fmt.Println(update_style.Render("Cocommit cli tool updated successfully"))
}
func swapper(exec_path string) {
@@ -203,10 +214,18 @@ func unzipper(dst string, r io.Reader) error {
// the target location where the dir/file should be created
target := filepath.Join(dst, header.Name)
// ensure the target path is within the destination directory
if !strings.HasPrefix(target, filepath.Clean(dst)+string(os.PathSeparator)) {
return fmt.Errorf("illegal file path: %s", target)
}
// ensure the target path is within the destination directory
cleanTarget, err := filepath.Abs(target)
if err != nil {
return fmt.Errorf("failed to get absolute path: %v", err)
}
cleanDst, err := filepath.Abs(dst)
if err != nil {
return fmt.Errorf("failed to get absolute path: %v", err)
}
if !strings.HasPrefix(cleanTarget, cleanDst+string(os.PathSeparator)) {
return fmt.Errorf("illegal file path: %s\nExpected: %s", cleanTarget, cleanDst+string(os.PathSeparator))
}
// check the file type
switch header.Typeflag {
@@ -241,4 +260,5 @@ func unzipper(dst string, r io.Reader) error {
func init() {
rootCmd.AddCommand(updateCmd)
updateCmd.Flags().BoolP("go-get", "g", false, "Use the go get command to update the cocommit cli tool")
updateCmd.Flags().BoolP("check", "c", false, "Check if the cocommit cli tool is up to date")
}
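Review bot: The new containment check in `unzipper` is lexical only, because `filepath.Abs` cleans the path but does not resolve symlinks. If the `header.Typeflag` switch that follows (its cases are outside the visible hunk) creates link entries, a later entry can pass the `strings.HasPrefix` test and still be written outside `dst`. Rejecting bad names before the join is simpler and avoids the dependence on the working directory, e.g. `if !filepath.IsLocal(header.Name) { return fmt.Errorf("illegal file path: %q", header.Name) }` (needs Go 1.20 or later), combined with refusing or separately validating symlink and hardlink entries. As written, the trailing-separator comparison also rejects an entry that resolves to `dst` itself, such as a top-level `./` directory entry, which presumably should be skipped rather than abort the update. The two `filepath.Abs` errors would be better wrapped with `%w` than `%v` so callers can inspect them.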