From 568d97d9eb0a0fdadbb04ff2f4c79a98544e25c2 Mon Sep 17 00:00:00 2001
From: Nico Berlee
Date: Tue, 28 Mar 2023 13:29:52 +0200
Subject: [PATCH 1/2] fix: sanitize netNsName if contains path
---
 netns/netns.go | 6 ++++--
 netns/netns_test.go | 6 ++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/netns/netns.go b/netns/netns.go
index 9f06644..ae68753 100644
--- a/netns/netns.go
+++ b/netns/netns.go
@@ -50,7 +50,8 @@ func GetNetNsPids(netNSNames []string) (pidNetNS *map[uint32]string) {
 
 func getNetNsInodeFromBindMount(netNSNames []string) (inodes []string, err error) {
 for _, netNSName := range netNSNames {
- netNSPath := path.Join(NetNSPath, netNSName)
+ sanitizedNetNSName := path.Base(netNSName)
+ netNSPath := path.Join(NetNSPath, sanitizedNetNSName)
 
 f, err := os.Open(netNSPath)
 if err != nil {
@@ -78,7 +79,8 @@ func getNetNsInodeFromBindMount(netNSNames []string) (inodes []string, err error
 
 func getNetNsInodeFromSymlink(netNSNames []string) (inodes []string, err error) {
 for _, netNSName := range netNSNames {
- symlinkPath := path.Join(NetNSPath, netNSName)
+ sanitizedNetNSName := path.Base(netNSName)
+ symlinkPath := path.Join(NetNSPath, sanitizedNetNSName)
 
 fileInfo, err := os.Stat(symlinkPath)
 if err != nil {
diff --git a/netns/netns_test.go b/netns/netns_test.go
index 7813287..e15ef7f 100644
--- a/netns/netns_test.go
+++ b/netns/netns_test.go
@@ -221,6 +221,12 @@ func TestGetNetNsInodeFromSymlink(t *testing.T) {
 expected: nil,
 wantErr: false,
 },
+ {
+ name: "path exploits",
+ netNSNames: []string{"../netns1", "../netns2"},
+ expected: expectedInodes,
+ wantErr: false,
+ },
 }
 
 // Temporarily replace the NetNSPath global variable
From dc4ed4f115ce41f866939f854ead1bf3d751455f Mon Sep 17 00:00:00 2001
From: Nico Berlee
Date: Tue, 28 Mar 2023 13:43:43 +0200
Subject: [PATCH 2/2] chore: fix dependabot
---
 .github/{workflows => }/dependabot.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename .github/{workflows => }/dependabot.yml (81%)
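Review bot: `path.Base` does not neutralize every traversal input: `path.Base("..")` is `..`, and `path.Base("")` and `path.Base("/")` yield `.` and `/`, so the new `netNSPath := path.Join(NetNSPath, sanitizedNetNSName)` line in getNetNsInodeFromBindMount can still resolve to the parent of NetNSPath or to NetNSPath itself, and the os.Open on the following line then opens a directory rather than a namespace file; the `symlinkPath` hunk at @@ -78,7 has the same gap. Add an explicit reject before the join, e.g. `if sanitizedNetNSName == "." || sanitizedNetNSName == ".." || sanitizedNetNSName == "/" { return nil, fmt.Errorf("invalid network namespace name %q", netNSName) }` (fmt may need importing if the file does not already use it). Refusing any name that path.Base had to alter, rather than silently mapping `../netns1` onto `netns1`, would be the stricter choice, but the test added in this commit currently pins the lenient behavior, so that is a design decision to make deliberately. Whether a directory handle is caught further down depends on the rest of the loop body, which lies outside the hunk.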
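Review bot: The new "path exploits" case asserts that `"../netns1"` resolves to `expectedInodes`, which pins the silent-rewrite behavior as the contract and only exercises getNetNsInodeFromSymlink; getNetNsInodeFromBindMount received the identical change but gets no traversal case, and inputs such as `".."`, `"."` or `""` that path.Base does not reduce to a plain name are covered for neither function. A matching case for getNetNsInodeFromBindMount and one here with `netNSNames: []string{".."}` would make the intended treatment of those inputs explicit, whichever way the sanitizer is meant to decide them. The table literal and TestGetNetNsInodeFromSymlink itself begin outside the hunk.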
diff --git a/.github/workflows/dependabot.yml b/.github/dependabot.yml
similarity index 81%
rename from .github/workflows/dependabot.yml
rename to .github/dependabot.yml
index ac6621f..b444581 100644
--- a/.github/workflows/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,7 +5,7 @@
 
 version: 2
 updates:
- - package-ecosystem: "" # See documentation for possible values
+ - package-ecosystem: "gomod" # See documentation for possible values
 directory: "/" # Location of package manifests
 schedule:
- interval: "weekly"
+ interval: "daily"