Fix path traversal vulnerability

DarkaOnLine · Feb 6, 2025 · 7727061 · 7727061
1 parent a7639d7
commit 7727061
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 37 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 #
 # Base install
 #
-FROM amd64/php:8.2-apache as base
+FROM php:8.2.27-apache as base
 
 LABEL vendor="L5 Swagger"
 
@@ -24,7 +24,7 @@ RUN apt-get update && apt-get install -y \
 # Clear cache
 RUN apt-get clean && rm -rf /var/lib/apt/lists/*
 
-RUN pecl install memcached
+# RUN pecl install memcached
 
 RUN pecl install -f xdebug \
     && docker-php-ext-enable xdebug

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '3.9'
-
 services:
   l5-swagger-app:
     image: l5-swagger-app

diff --git a/src/Http/Controllers/SwaggerController.php b/src/Http/Controllers/SwaggerController.php
@@ -40,22 +40,13 @@ public function docs(Request $request)
         $fileSystem = new Filesystem();
         $documentation = $request->offsetGet('documentation');
         $config = $request->offsetGet('config');
-        $file = $request->offsetGet('jsonFile');
+        $yamlFormat = ($config['paths'][ 'format_to_use_for_docs'] === 'yaml');
 
-        $targetFile = $config['paths']['docs_json'] ?? 'api-docs.json';
-        $yaml = false;
-
-        if ($file !== null) {
-            $targetFile = $file;
-            $parts = explode('.', $file);
-
-            if (! empty($parts)) {
-                $extension = array_pop($parts);
-                $yaml = strtolower($extension) === 'yaml';
-            }
-        }
-
-        $filePath = $config['paths']['docs'].'/'.$targetFile;
+        $filePath = sprintf(
+            '%s/%s',
+            $config['paths'][ 'docs'],
+            $yamlFormat ? $config['paths']['docs_yaml'] : $config['paths']['docs_json']
+        );
 
         if ($config['generate_always']) {
             $generator = $this->generatorFactory->make($documentation);
@@ -82,7 +73,7 @@ public function docs(Request $request)
 
         $content = $fileSystem->get($filePath);
 
-        if ($yaml) {
+        if ($yamlFormat) {
             return ResponseFacade::make($content, 200, [
                 'Content-Type' => 'application/yaml',
                 'Content-Disposition' => 'inline',

diff --git a/src/routes.php b/src/routes.php
@@ -40,7 +40,7 @@
             }
 
             if (isset($config['routes']['docs'])) {
-                $router->get($config['routes']['docs'].'/{jsonFile?}', [
+                $router->get($config['routes']['docs'], [
                     'as' => 'l5-swagger.'.$name.'.docs',
                     'middleware' => $config['routes']['middleware']['docs'] ?? [],
                     'uses' => '\L5Swagger\Http\Controllers\SwaggerController@docs',

diff --git a/tests/RoutesTest.php b/tests/RoutesTest.php
@@ -89,7 +89,7 @@ public function itCanAccessAndGenerateYamlFile(): void
     {
         $customYamlFileName = 'docs.yaml';
 
-        $jsonUrl = route('l5-swagger.default.api');
+        $jsonUrl = route('l5-swagger.default.docs');
 
         $this->setCustomDocsFileName($customYamlFileName, 'yaml');
 
@@ -102,7 +102,7 @@ public function itCanAccessAndGenerateYamlFile(): void
         $this->setAnnotationsPath();
 
         $this->get($jsonUrl)
-            ->assertSeeText('http://localhost/docs/docs.yaml')
+            ->assertHeader('Content-Type', 'application/yaml')
             ->isOk();
     }
 
@@ -128,20 +128,6 @@ public function userCanAccessDocumentationFileWithoutExtensionIfItExists(): void
             ->isOk();
     }
 
-    /** @test */
-    public function itDoesNotThrowExceptionOnDocsFileWithoutExtension(): void
-    {
-        $fileWithoutExtension = 'docs';
-
-        $jsonUrl = route('l5-swagger.default.docs', $fileWithoutExtension);
-
-        $this->crateJsonDocumentationFile();
-
-        $this->get($jsonUrl)
-            ->assertNotFound()
-            ->isOk();
-    }
-
     /**
      * @test
      *