forked from security/hakurei
Ophestra
274686d10d
These are free of the dispatcher from internal/app. This change relocates them into their own package. Signed-off-by: Ophestra <cat@gensokyo.uk>
21 lines
643 B
Go
21 lines
643 B
Go
// Package validate provides functions for validating string values of various types.
|
|
package validate
|
|
|
|
import (
|
|
"path/filepath"
|
|
"strings"
|
|
)
|
|
|
|
// DeepContainsH returns whether basepath is equivalent to or is the parent of targpath.
|
|
//
|
|
// This is used for path hiding warning behaviour, the purpose of which is to improve
|
|
// user experience and is *not* a security feature and must not be treated as such.
|
|
func DeepContainsH(basepath, targpath string) (bool, error) {
|
|
const upper = ".." + string(filepath.Separator)
|
|
|
|
rel, err := filepath.Rel(basepath, targpath)
|
|
return err == nil &&
|
|
rel != ".." &&
|
|
!strings.HasPrefix(rel, upper), err
|
|
}
|