diff --git a/cmd/chain-maind/app/app.go b/cmd/chain-maind/app/app.go
index 857d32ebf..3b8f84a96 100644
--- a/cmd/chain-maind/app/app.go
+++ b/cmd/chain-maind/app/app.go
@@ -3,9 +3,9 @@ package app
 import (
 "context"
 "encoding/json"
- "fmt"
 "io"
 "os"
+ "path/filepath"
 "github.com/cosmos/cosmos-sdk/codec"
 "github.com/crypto-com/chain-main/app/params"
@@ -143,11 +143,9 @@ func initRootCmd(rootCmd *cobra.Command, encodingConfig params.EncodingConfig) {
 config.SetRoot(clientCtx.HomeDir)
 path := config.GenesisFile()
- file, err := os.OpenFile(path, os.O_RDWR, 0600)
- if !chaingenutilcli.IsValidPath(path) {
- return fmt.Errorf("insecure filepath %s", path)
- }
-
+ cleanedPath := filepath.Clean(path)
+ // nolint: gosec
+ file, err := os.OpenFile(cleanedPath, os.O_RDWR, 0600)
 if err != nil {
 return err
 }
diff --git a/x/genutil/client/cli/gentx.go b/x/genutil/client/cli/gentx.go
index 9e6ddf3b4..f5b0aab1e 100644
--- a/x/genutil/client/cli/gentx.go
+++ b/x/genutil/client/cli/gentx.go
@@ -9,7 +9,6 @@ import (
 "io/ioutil"
 "os"
 "path/filepath"
- "strings"
 "github.com/pkg/errors"
 "github.com/spf13/cobra"
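Review bot: In initRootCmd (cmd/chain-maind/app/app.go), `filepath.Clean(path)` followed by `// nolint: gosec` silences the file-path finding without replacing the removed `IsValidPath` check: Clean only normalises the string lexically and neither confines it to a base directory nor resolves symlinks, so `cleanedPath` names the same file `path` did. The path is derived from `config.GenesisFile()` after `config.SetRoot(clientCtx.HomeDir)`, so it is presumably operator-controlled and acceptable, but the suppression should record that reasoning, e.g. `//nolint:gosec // G304: genesis path is derived from clientCtx.HomeDir, which the operator controls`. The same pattern appears in writeSignedGenTx in x/genutil/client/cli/gentx.go, where the origin of `outputDocument` is not visible in the hunk; there the `os.O_CREATE|os.O_EXCL` flags already refuse to overwrite an existing file, which is worth stating in the comment as the actual safeguard. initRootCmd's body starts and ends outside the hunk.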
@@ -245,26 +244,10 @@ func readUnsignedGenTxFile(clientCtx client.Context, r io.Reader) (sdk.Tx, error
 return aTx, err
 }
-func IsValidPath(target string) bool {
- if strings.Contains(target, "..") {
- return false
- }
- words := []string{"", "/*", "/usr/local/bin/*", "/usr/bin/*", "/bin/*"}
-
- for _, pattern := range words {
- matched, err := filepath.Match(pattern, target)
- if matched || err != nil {
- return false
- }
- }
- return true
-}
-
 func writeSignedGenTx(clientCtx client.Context, outputDocument string, tx sdk.Tx) error {
- outputFile, err := os.OpenFile(outputDocument, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600)
- if !IsValidPath(outputDocument) {
- return fmt.Errorf("insecure filepath %s", outputDocument)
- }
+ cleanedPath := filepath.Clean(outputDocument)
+ // nolint: gosec
+ outputFile, err := os.OpenFile(cleanedPath, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600)
 if err != nil {
 return err