mirror of
https://github.com/ppy/osu.git
synced 2026-05-17 11:22:54 +08:00
Bartłomiej Dach
38 lines
1.4 KiB
C#
38 lines
1.4 KiB
C#
// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the MIT Licence.
|
|
// See the LICENCE file in the repository root for full licence text.
|
|
|
|
using System;
|
|
using System.IO;
|
|
|
|
namespace osu.Game.Utils
|
|
{
|
|
public static class FilesystemSanityCheckHelpers
|
|
{
|
|
/// <summary>
|
|
/// Returns whether <paramref name="path"/> is potentially susceptible to path traversal style attacks.
|
|
/// </summary>
|
|
public static bool IncursPathTraversalRisk(string path)
|
|
=> path.Contains("../", StringComparison.Ordinal) || path.Contains("..\\", StringComparison.Ordinal) || Path.IsPathRooted(path);
|
|
|
|
/// <summary>
|
|
/// Returns whether <paramref name="child"/> is a subdirectory (direct or nested) of <paramref name="parent"/>.
|
|
/// </summary>
|
|
public static bool IsSubDirectory(string parent, string child)
|
|
{
|
|
// `Path.GetFullPath()` invocations are required to fully resolve the paths to unambiguous downwards-traversal-only paths.
|
|
var parentInfo = new DirectoryInfo(Path.GetFullPath(parent));
|
|
var childInfo = new DirectoryInfo(Path.GetFullPath(child));
|
|
|
|
while (childInfo != null)
|
|
{
|
|
if (parentInfo.FullName == childInfo.FullName)
|
|
return true;
|
|
|
|
childInfo = childInfo.Parent;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|
|
}
|