From a12f5757372f751d25f9e5ca1f168f6920ded894 Mon Sep 17 00:00:00 2001
From: JakobDev <jakobdev@gmx.de>
Date: Wed, 8 Mar 2023 08:07:58 +0100
Subject: [PATCH] Clean Path in Options (#23006)

At the moment, it is possible to use the Options functions to read
files in a directory other than the intended one, e.g.
`options.Gitignore("../label/Default")`. This was discovered while
working on #22783, which exposes `options.Gitignore()` through the
public API. At the moment, this is not a security problem, as this
function is only used internally, but I thought it would be a good idea
to make a PR to fix this for all types of Options files, not only
Gitignore, to make it safe for the future. This PR should be merged
before the linked PR.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
---
 modules/options/dynamic.go | 8 ++++----
 modules/options/static.go  | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/modules/options/dynamic.go b/modules/options/dynamic.go
index a20253676e..f9b3714b8f 100644
--- a/modules/options/dynamic.go
+++ b/modules/options/dynamic.go
@@ -79,22 +79,22 @@ func WalkLocales(callback func(path, name string, d fs.DirEntry, err error) erro
 
 // Readme reads the content of a specific readme from static or custom path.
 func Readme(name string) ([]byte, error) {
-	return fileFromDir(path.Join("readme", name))
+	return fileFromDir(path.Join("readme", path.Clean("/"+name)))
 }
 
 // Gitignore reads the content of a specific gitignore from static or custom path.
 func Gitignore(name string) ([]byte, error) {
-	return fileFromDir(path.Join("gitignore", name))
+	return fileFromDir(path.Join("gitignore", path.Clean("/"+name)))
 }
 
 // License reads the content of a specific license from static or custom path.
 func License(name string) ([]byte, error) {
-	return fileFromDir(path.Join("license", name))
+	return fileFromDir(path.Join("license", path.Clean("/"+name)))
 }
 
 // Labels reads the content of a specific labels from static or custom path.
 func Labels(name string) ([]byte, error) {
-	return fileFromDir(path.Join("label", name))
+	return fileFromDir(path.Join("label", path.Clean("/"+name)))
 }
 
 // fileFromDir is a helper to read files from static or custom path.
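Review bot: `path.Clean("/"+name)` in Readme, Gitignore, License and Labels normalises forward slashes only, so a `name` whose `..` segments are separated by backslashes passes through unchanged. fileFromDir's body is outside this hunk, but if it resolves the result against the custom directory on the local filesystem, Windows would still treat those segments as parent-directory steps. Consider normalising first, e.g. `path.Clean("/" + strings.ReplaceAll(name, "\\", "/"))` (which needs `strings` in scope), and moving the expression into one small helper with a comment on why the leading `/` matters, since it is repeated four times here and four more in the modules/options/static.go hunk. A test that passes `../label/Default` to each function would pin the intended behaviour.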
diff --git a/modules/options/static.go b/modules/options/static.go
index ff3c86d3f8..2405d658bf 100644
--- a/modules/options/static.go
+++ b/modules/options/static.go
@@ -84,22 +84,22 @@ func WalkLocales(callback func(path, name string, d fs.DirEntry, err error) erro
 
 // Readme reads the content of a specific readme from bindata or custom path.
 func Readme(name string) ([]byte, error) {
-	return fileFromDir(path.Join("readme", name))
+	return fileFromDir(path.Join("readme", path.Clean("/"+name)))
 }
 
 // Gitignore reads the content of a gitignore locale from bindata or custom path.
 func Gitignore(name string) ([]byte, error) {
-	return fileFromDir(path.Join("gitignore", name))
+	return fileFromDir(path.Join("gitignore", path.Clean("/"+name)))
 }
 
 // License reads the content of a specific license from bindata or custom path.
 func License(name string) ([]byte, error) {
-	return fileFromDir(path.Join("license", name))
+	return fileFromDir(path.Join("license", path.Clean("/"+name)))
 }
 
 // Labels reads the content of a specific labels from static or custom path.
 func Labels(name string) ([]byte, error) {
-	return fileFromDir(path.Join("label", name))
+	return fileFromDir(path.Join("label", path.Clean("/"+name)))
 }
 
 // fileFromDir is a helper to read files from bindata or custom path.
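Review bot: The doc comments on Readme, Gitignore, License and Labels do not say that `name` is now confined to its own subdirectory, which is the contract a caller exposing these functions through the API will rely on. I would add a line to each, such as `// name is cleaned as a rooted path, so ".." segments cannot leave the "readme" directory.` The context comments in this file also read "a gitignore locale" for Gitignore and "static or custom path" for Labels, where the neighbouring functions say "a specific ..." and "bindata"; this looks like copy-paste drift and could be aligned in the same change.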