net/http: document Dir behavior with symlinks

Based on CL 229377. Change-Id: I016eec20672c909e8fabe799c277f4d2540fc555 Reviewed-on: https://go-review.googlesource.com/c/go/+/238698 Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
2024-11-18 07:14:44 -07:00 · 2020-06-18 11:26:07 -04:00 · 2020-06-18 11:26:07 -04:00 · 18bcc7c285
commit 18bcc7c285
parent 968e18eebd
1 changed files with 7 additions and 5 deletions
--- a/src/net/http/fs.go
+++ b/src/net/http/fs.go
@ -30,11 +30,13 @@ import (
 // value is a filename on the native file system, not a URL, so it is separated
 // by filepath.Separator, which isn't necessarily '/'.
 //
-// Note that Dir will allow access to files and directories starting with a
-// period, which could expose sensitive directories like a .git directory or
-// sensitive files like .htpasswd. To exclude files with a leading period,
-// remove the files/directories from the server or create a custom FileSystem
-// implementation.
+// Note that Dir could expose sensitive files and directories. Dir will follow
+// symlinks pointing out of the directory tree, which can be especially dangerous
+// if serving from a directory in which users are able to create arbitrary symlinks.
+// Dir will also allow access to files and directories starting with a period,
+// which could expose sensitive directories like .git or sensitive files like
+// .htpasswd. To exclude files with a leading period, remove the files/directories
+// from the server or create a custom FileSystem implementation.
 //
 // An empty Dir is treated as ".".
 type Dir string