Issue #4232 - Fix CWE-22 Path/Directory Traversal issues

Signed-off-by: Oleksandr Mordyk <[email protected]>
open-horizon · Jan 31, 2025 · 203c266 · 203c266
1 parent 6cef591
commit 203c266
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 6 deletions.
diff --git a/api/path_publickey.go b/api/path_publickey.go
@@ -111,7 +111,7 @@ func UploadPublicKey(filename string,
 		return errorhandler(NewAPIUserInputError(fmt.Sprintf("provided public key or cert is not valid; error: %v", err), "trusted cert file"))
 	} else if err := os.MkdirAll(targetPath, 0644); err != nil {
 		return errorhandler(NewSystemError(fmt.Sprintf("unable to create trusted cert directory %v, error: %v", targetPath, err)))
-	} else if err := ioutil.WriteFile(targetFile, inBytes, 0644); err != nil {
+	} else if err := os.WriteFile(targetFile, inBytes, 0644); err != nil {
 		return errorhandler(NewSystemError(fmt.Sprintf("unable to write uploaded trusted cert file %v, error: %v", targetFile, err)))
 	}
 	return false

diff --git a/cli/cliconfig/config.go b/cli/cliconfig/config.go
@@ -88,7 +88,7 @@ func GetConfig(configFile string) (*HorizonCliConfig, error) {
 
 	cliutils.Verbose(msgPrinter.Sprintf("Reading configuration file: %v", configFile))
 
-	fileBytes, err := ioutil.ReadFile(configFile)
+	fileBytes, err := os.ReadFile(configFile)
 	if err != nil {
 		return nil, fmt.Errorf(msgPrinter.Sprintf("Unable to read config file: %v. %v", configFile, err))
 	}

diff --git a/cli/cliutils/cliutils.go b/cli/cliutils/cliutils.go
@@ -1111,7 +1111,7 @@ func TrustIcpCert(httpClient *http.Client) error {
 	}
 
 	if icpCertPath != "" {
-		icpCert, err := ioutil.ReadFile(icpCertPath)
+		icpCert, err := os.ReadFile(icpCertPath)
 		if err != nil {
 			return fmt.Errorf(i18n.GetMessagePrinter().Sprintf("Encountered error reading ICP cert file %v: %v", icpCertPath, err))
 		}

diff --git a/config/collaborators.go b/config/collaborators.go
@@ -112,7 +112,7 @@ func newHTTPClientFactory(hConfig HorizonConfig) (*HTTPClientFactory, error) {
 
 	if mhCertPath != "" {
 		var err error
-		mgmtHubBytes, err = ioutil.ReadFile(mhCertPath)
+		mgmtHubBytes, err = os.ReadFile(mhCertPath)
 		if err != nil {
 			return nil, fmt.Errorf("Failed to read Cert File: %v", mhCertPath)
 		}

diff --git a/container/container.go b/container/container.go
@@ -1285,7 +1285,7 @@ func (b *ContainerWorker) ResourcesCreate(agreementId string, agreementProtocol
 
 		glog.V(5).Infof("Writing raw config to file in %v. Config data: %v", workloadRWStorageDir, string(configureRaw))
 		// write raw to workloadRWStorageDir
-		if err := ioutil.WriteFile(path.Join(workloadRWStorageDir, "Configure"), configureRaw, 0644); err != nil {
+		if err := os.WriteFile(path.Join(workloadRWStorageDir, "Configure"), configureRaw, 0644); err != nil {
 			return nil, err
 		}
 	} else {

diff --git a/css/horizonAuthenticate.go b/css/horizonAuthenticate.go
@@ -516,7 +516,7 @@ func newHTTPClient(certPath string) (*http.Client, error) {
 
 	if certPath != "" {
 		var err error
-		caBytes, err = ioutil.ReadFile(certPath)
+		caBytes, err = os.ReadFile(certPath)
 		if err != nil {
 			return nil, errors.New(fmt.Sprintf("unable to read %v, error %v", certPath, err))
 		}