diff --git a/agent/app/service/recycle_bin.go b/agent/app/service/recycle_bin.go index efcbb2e23..9af3559e2 100644 --- a/agent/app/service/recycle_bin.go +++ b/agent/app/service/recycle_bin.go @@ -76,6 +76,9 @@ func (r RecycleBinService) Page(search dto.PageInfo) (int64, []response.RecycleB } func (r RecycleBinService) Create(create request.RecycleBinCreate) error { + if files.IsProtected(create.SourcePath) { + return buserr.New("ErrPathNotDelete") + } op := files.NewFileOp() if !op.Stat(create.SourcePath) { return buserr.New("ErrLinkPathNotFound") diff --git a/agent/utils/files/file_op.go b/agent/utils/files/file_op.go index a5728944a..5bd8aa48b 100644 --- a/agent/utils/files/file_op.go +++ b/agent/utils/files/file_op.go @@ -33,6 +33,40 @@ import ( "github.com/spf13/afero" ) +var protectedPaths = []string{ + "/", + "/bin", + "/sbin", + "/etc", + "/boot", + "/usr", + "/lib", + "/lib64", + "/dev", + "/proc", + "/sys", + "/root", +} + +func IsProtected(path string) bool { + real, err := filepath.EvalSymlinks(path) + if err == nil { + path = real + } + + abs, err := filepath.Abs(path) + if err == nil { + path = abs + } + + for _, p := range protectedPaths { + if path == p { + return true + } + } + return false +} + type FileOp struct { Fs afero.Fs } @@ -104,6 +138,9 @@ func (f FileOp) LinkFile(source string, dst string, isSymlink bool) error { } func (f FileOp) DeleteDir(dst string) error { + if IsProtected(dst) { + return buserr.New("ErrPathNotDelete") + } return f.Fs.RemoveAll(dst) } @@ -113,14 +150,23 @@ func (f FileOp) Stat(dst string) bool { } func (f FileOp) DeleteFile(dst string) error { + if IsProtected(dst) { + return buserr.New("ErrPathNotDelete") + } return f.Fs.Remove(dst) } func (f FileOp) CleanDir(dst string) error { + if IsProtected(dst) { + return buserr.New("ErrPathNotDelete") + } return cmd.RunDefaultBashCf("rm -rf %s/*", dst) } func (f FileOp) RmRf(dst string) error { + if IsProtected(dst) { + return buserr.New("ErrPathNotDelete") + } return cmd.RunDefaultBashCf("rm -rf %s", dst) }