Archives/gophi
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

move CgiEnabled checks all to execute(), makes ensuring CGI disabled MUCH easier

Browse Source 
Signed-off-by: kim (grufwub) <grufwub@gmail.com>
This commit is contained in:
kim (grufwub) 2020-05-07 21:48:16 +01:00
parent 0c4c48d9d3
commit 61554f10b4
3 changed files with 21 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
exec.go
View File

@ -32,9 +32,6 @@ func setupInitialCgiEnviron(path string) []string {
}
func executeCgi(responder *Responder) *GophorError {
/* Easier if we grab a pointer to the request here */
request := responder.Request
/* Get initial CgiEnv variables */
cgiEnv := Config.CgiEnv
cgiEnv = append(cgiEnv, envKeyValue("SERVER_NAME", responder.Host.Name())) /* MUST be set to name of server host client is connecting to */
@ -43,17 +40,17 @@ func executeCgi(responder *Responder) *GophorError {
/* We store the query string in Parameters[0]. Ensure we git without initial delimiter */
var queryString string
if len(request.Parameters[0]) > 0 {
queryString = request.Parameters[0][1:]
if len(responder.Request.Parameters[0]) > 0 {
queryString = responder.Request.Parameters[0][1:]
} else {
queryString = request.Parameters[0]
queryString = responder.Request.Parameters[0]
}
cgiEnv = append(cgiEnv, envKeyValue("QUERY_STRING", queryString)) /* URL encoded search or parameter string, MUST be set even if empty */
cgiEnv = append(cgiEnv, envKeyValue("SCRIPT_NAME", "/"+request.RelPath())) /* URI path (not URL encoded) which could identify the CGI script (rather than script's output) */
cgiEnv = append(cgiEnv, envKeyValue("SCRIPT_FILENAME", request.AbsPath())) /* Basically SCRIPT_NAME absolute path */
cgiEnv = append(cgiEnv, envKeyValue("SELECTOR", request.SelectorPath()))
cgiEnv = append(cgiEnv, envKeyValue("DOCUMENT_ROOT", request.RootDir()))
cgiEnv = append(cgiEnv, envKeyValue("REQUEST_URI", "/"+request.RelPath()+request.Parameters[0]))
cgiEnv = append(cgiEnv, envKeyValue("SCRIPT_NAME", "/"+responder.Request.RelPath())) /* URI path (not URL encoded) which could identify the CGI script (rather than script's output) */
cgiEnv = append(cgiEnv, envKeyValue("SCRIPT_FILENAME", responder.Request.AbsPath())) /* Basically SCRIPT_NAME absolute path */
cgiEnv = append(cgiEnv, envKeyValue("SELECTOR", responder.Request.SelectorPath()))
cgiEnv = append(cgiEnv, envKeyValue("DOCUMENT_ROOT", responder.Request.RootDir()))
cgiEnv = append(cgiEnv, envKeyValue("REQUEST_URI", "/"+responder.Request.RelPath()+responder.Request.Parameters[0]))
/* Fuck it. For now, we don't support PATH_INFO. It's a piece of shit variable */
// cgiEnv = append(cgiEnv, envKeyValue("PATH_INFO", responder.Parameters[0])) /* Sub-resource to be fetched by script, derived from path hierarch portion of URI. NOT URL encoded */
@ -83,7 +80,7 @@ func executeCgi(responder *Responder) *GophorError {
},
)
gophorErr := execute(skipPrefixWriter, cgiEnv, request.AbsPath(), nil)
gophorErr := execute(skipPrefixWriter, cgiEnv, responder.Request.AbsPath(), nil)
if gophorErr != nil {
return gophorErr
} else if !contentTypeReached {
@ -105,6 +102,11 @@ func executeCommand(responder *Responder) *GophorError {
}
func execute(writer io.Writer, env []string, path string, args []string) *GophorError {
/* If CGI disbabled, just return error */
if !Config.CgiEnabled {
return &GophorError{ CgiDisabledErr, nil }
}
/* Setup command */
var cmd *exec.Cmd
if args != nil {

14
filecontents.go
View File

@ -236,13 +236,9 @@ func readGophermap(request *Request) ([]GophermapSection, *GophorError) {
subRequest := &Request{ subRelPath, subParameters }
if !subRequest.PathHasAbsPrefix("/") {
if Config.CgiEnabled {
/* Special case here where command must be in path, return GophermapExecCommand */
sections = append(sections, &GophermapExecCommandSection{ subRequest })
break
} else {
break
}
/* Special case here where command must be in path, return GophermapExecCommand */
sections = append(sections, &GophermapExecCommandSection{ subRequest })
break
} else if subRequest.RelPath() == "" {
/* path cleaning failed */
break
@ -261,7 +257,7 @@ func readGophermap(request *Request) ([]GophermapSection, *GophorError) {
/* Check if we've been supplied subgophermap or regular file */
if subRequest.PathHasAbsSuffix(GophermapFileStr) {
/* If executable, store as GophermapExecutable, else readGophermap() */
if Config.CgiEnabled && stat.Mode().Perm() & 0100 != 0 {
if stat.Mode().Perm() & 0100 != 0 {
sections = append(sections, &GophermapExecFileSection { subRequest })
} else {
/* Treat as any other gophermap! */
@ -269,7 +265,7 @@ func readGophermap(request *Request) ([]GophermapSection, *GophorError) {
}
} else {
/* If stored in cgi-bin store as GophermapExecutable, else read into GophermapText */
if Config.CgiEnabled && subRequest.PathHasRelPrefix(CgiBinDirStr) {
if subRequest.PathHasRelPrefix(CgiBinDirStr) {
sections = append(sections, &GophermapExecCgiSection{ subRequest })
} else {
sections = append(sections, &GophermapFileSection{ subRequest })

12
filesystem.go
View File

@ -97,11 +97,7 @@ func (fs *FileSystem) HandleRequest(responder *Responder) *GophorError {
responder.Request = gophermapRequest
if stat.Mode().Perm() & 0100 != 0 {
if Config.CgiEnabled {
return responder.SafeFlush(executeFile(responder))
} else {
return &GophorError{ CgiDisabledErr, nil }
}
return responder.SafeFlush(executeFile(responder))
} else {
return fs.FetchFile(responder)
}
@ -114,11 +110,7 @@ func (fs *FileSystem) HandleRequest(responder *Responder) *GophorError {
case stat.Mode() & os.ModeType == 0:
/* If cgi-bin and CGI enabled, return executed contents. Else, fetch */
if responder.Request.PathHasRelPrefix(CgiBinDirStr) {
if Config.CgiEnabled {
return responder.SafeFlush(executeCgi(responder))
} else {
return &GophorError{ CgiDisabledErr, nil }
}
return responder.SafeFlush(executeCgi(responder))
} else {
return fs.FetchFile(responder)
}