godoc: avoid exposing absolute paths on 404

Exposing the full paths to files is considered possible source of vulnerabilities. Change-Id: Ie9ae3791e51fcff5f1df711f84db9879d7e6ce37 Reviewed-on: https://go-review.googlesource.com/29445 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-09-20 16:58:29 -07:00 · 2016-09-20 16:58:29 -07:00 · 3f4088edb4
--- a/godoc/page.go
+++ b/godoc/page.go
@ -6,6 +6,8 @@ package godoc

 import (
 	"net/http"
+	"os"
+	"path/filepath"
 	"runtime"
 )

@ -36,6 +38,14 @@ func (p *Presentation) ServePage(w http.ResponseWriter, page Page) {

 func (p *Presentation) ServeError(w http.ResponseWriter, r *http.Request, relpath string, err error) {
 	w.WriteHeader(http.StatusNotFound)
+	if perr, ok := err.(*os.PathError); ok {
+		rel, err := filepath.Rel(runtime.GOROOT(), perr.Path)
+		if err != nil {
+			perr.Path = "REDACTED"
+		} else {
+			perr.Path = filepath.Join("$GOROOT", rel)
+		}
+	}
 	p.ServePage(w, Page{
 		Title:    "File " + relpath,
 		Subtitle: relpath,