extern/glance
1
0
Fork 0
mirror of https://github.com/glanceapp/glance.git synced 2025-06-21 10:27:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent infinite config include recursion

Browse Source
This commit is contained in:
Svilen Markov 2025-02-27 07:22:18 +00:00
parent 2738613344
commit ce293ed891
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
internal/glance/config.go
View File

@ -17,6 +17,8 @@ import (
"gopkg.in/yaml.v3"
)
const CONFIG_INCLUDE_RECURSION_DEPTH_LIMIT = 20
type config struct {
Server struct {
Host string `yaml:"host"`
@ -147,10 +149,14 @@ func formatWidgetInitError(err error, w widget) error {
var includePattern = regexp.MustCompile(`(?m)^([ \t]*)(?:-[ \t]*)?(?:!|\$)include:[ \t]*(.+)$`)
func parseYAMLIncludes(mainFilePath string) ([]byte, map[string]struct{}, error) {
return recursiveParseYAMLIncludes(mainFilePath, nil)
return recursiveParseYAMLIncludes(mainFilePath, nil, 0)
}
func recursiveParseYAMLIncludes(mainFilePath string, includes map[string]struct{}) ([]byte, map[string]struct{}, error) {
func recursiveParseYAMLIncludes(mainFilePath string, includes map[string]struct{}, depth int) ([]byte, map[string]struct{}, error) {
if depth > CONFIG_INCLUDE_RECURSION_DEPTH_LIMIT {
return nil, nil, fmt.Errorf("recursion depth limit of %d reached", CONFIG_INCLUDE_RECURSION_DEPTH_LIMIT)
}
mainFileContents, err := os.ReadFile(mainFilePath)
if err != nil {
return nil, nil, fmt.Errorf("reading %s: %w", mainFilePath, err)
@ -189,9 +195,9 @@ func recursiveParseYAMLIncludes(mainFilePath string, includes map[string]struct{
includes[includeFilePath] = struct{}{}
fileContents, includes, err = recursiveParseYAMLIncludes(includeFilePath, includes)
fileContents, includes, err = recursiveParseYAMLIncludes(includeFilePath, includes, depth+1)
if err != nil {
includesLastErr = fmt.Errorf("recursively parsing included file %s: %w", includeFilePath, err)
includesLastErr = err
return nil
}