authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-08-07 13:15:26 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-08-07 13:15:26 +0200
commita6eac742365f23b784214a4d6236133f91a718a5 (patch)
tree3381e7b819b37532ac383c436765a2b3383eeddf
parentMerge pull request #5 from fosscord/Docker (diff)
downloadserver-a6eac742365f23b784214a4d6236133f91a718a5.tar.xz
:lock: fix path traversal security issue
-rw-r--r--src/util/FileStorage.ts18
1 files changed, 8 insertions, 10 deletions
diff --git a/src/util/FileStorage.ts b/src/util/FileStorage.ts
index b87c4651..8001c608 100644
--- a/src/util/FileStorage.ts
+++ b/src/util/FileStorage.ts
@@ -1,26 +1,24 @@
 import { Storage } from "./Storage";
 import fs from "fs";
-import { join } from "path";
+import { join, relative } from "path";
 import "missing-native-js-functions";
 
+function getPath(path: string) {
+	// STORAGE_LOCATION has a default value in start.ts
+	return join(process.env.STORAGE_LOCATION || "../", relative("/", path));
+}
+
 export class FileStorage implements Storage {
 	async get(path: string): Promise<Buffer | null> {
-		path = join(process.env.STORAGE_LOCATION || "", path);
 		try {
-			const file = fs.readFileSync(path);
-			// @ts-ignore
-			return file;
+			return fs.readFileSync(getPath(path));
 		} catch (error) {
 			return null;
 		}
 	}
 
 	async set(path: string, value: any) {
-		path = join(process.env.STORAGE_LOCATION || "", path).replace(/[\\]/g, "/");
-		const dir = path.split("/").slice(0, -1).join("/");
-		fs.mkdirSync(dir, { recursive: true });
-
-		return fs.writeFileSync(path, value, { encoding: "binary" });
+		return fs.writeFileSync(getPath(path), value, { encoding: "binary" });
 	}
 
 	async delete(path: string) {
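Review bot: `getPath` confines the path only as a side effect of `relative("/", path)`, which resolves a `path` without a leading slash against `process.cwd()`, so the on-disk location depends on the working directory and nothing checks that the result is still under the storage root. An explicit containment check after joining makes the confinement visible and fails closed instead of silently remapping the path; the version below needs `resolve` and `sep` added to the `path` import. Separately, `set()` no longer calls `fs.mkdirSync(dir, { recursive: true })`, so a write to a nested key whose parent directory does not exist yet will presumably fail with ENOENT unless the directories are created elsewhere. The `delete` method continues past the end of the hunk.

```typescript
function getPath(path: string) {
	// STORAGE_LOCATION has a default value in start.ts
	const root = resolve(process.env.STORAGE_LOCATION || "../");
	const full = join(root, path);
	const rel = relative(root, full);
	// fail closed if normalization moved the result outside the storage root
	if (rel === ".." || rel.startsWith(".." + sep)) {
		throw new Error("path outside storage root");
	}
	return full;
}
// … unchanged: FileStorage.get / set …
```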