Sanitize user agent, init logging from serverSettings.DataDir

Author: Forceu

internal/configuration/Configuration.go

@@ -93,7 +93,7 @@ func Load() {
 	}
 	helper.CreateDir(serverSettings.DataDir)
 	filesystem.Init(serverSettings.DataDir)
-	logging.Init(parsedEnvironment.DataDir)
+	logging.Init(serverSettings.DataDir)
 }
 
 // ConnectDatabase loads the database that is defined in the configuration

internal/logging/Logging.go

@@ -6,6 +6,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"regexp"
 	"strings"
 	"sync"
 	"time"
@@ -278,12 +279,18 @@ func LogValidLogin(username string) {
 // LogDownload adds a log entry when a download was requested. Non-Blocking
 func LogDownload(file models.File, r *http.Request, saveIp bool) {
 	if saveIp {
-		createLogEntry(categoryDownload, fmt.Sprintf("%s, IP %s, ID %s, Useragent %s", file.Name, GetIpAddress(r), file.Id, r.UserAgent()), false)
+		createLogEntry(categoryDownload, fmt.Sprintf("%s, IP %s, ID %s, Useragent %s", file.Name, GetIpAddress(r), file.Id, sanitiseUserAgent(r)), false)
 	} else {
-		createLogEntry(categoryDownload, fmt.Sprintf("%s, ID %s, Useragent %s", file.Name, file.Id, r.UserAgent()), false)
+		createLogEntry(categoryDownload, fmt.Sprintf("%s, ID %s, Useragent %s", file.Name, file.Id, sanitiseUserAgent(r)), false)
 	}
 }
 
+var regexUserAgent = regexp.MustCompile(`[^A-Za-z0-9/. ;:+(|)_\-,]`)
+
+func sanitiseUserAgent(r *http.Request) string {
+	return regexUserAgent.ReplaceAllString(r.UserAgent(), "")
+}
+
 // LogUpload adds a log entry when an upload was created. Non-Blocking
 func LogUpload(file models.File, user models.User, fr models.FileRequest) {
 	if fr.Id != "" {