From ce173bd3d1c66f937a958419a2c82786404e0d2e Mon Sep 17 00:00:00 2001
From: cflip
Date: Tue, 20 Sep 2022 11:08:11 -0600
Subject: Validate CGI script paths before starting up the server

This still doesn't throw up an error when attepting to run scripts without the leading './', but it's a start
---
 src/CGIScript.cpp | 18 ++++++++++++++++++
 src/CGIScript.h | 2 ++
 src/main.cpp | 6 ++++++
 3 files changed, 26 insertions(+)

diff --git a/src/CGIScript.cpp b/src/CGIScript.cpp
index 8731023..3ef1f3f 100644
--- a/src/CGIScript.cpp
+++ b/src/CGIScript.cpp
@@ -1,8 +1,11 @@
 #include "CGIScript.h"
 #include
+#include
+#include
 #include
 #include
+#include
 CGIScript::CGIScript(const std::string& script_path)
 : m_script_path(script_path)
@@ -49,3 +52,18 @@ std::string CGIScript::read_output()
 return sstream.str();
 }
+
+void CGIScript::validate_path(const std::string& script_path)
+{
+ namespace fs = std::filesystem;
+
+ if (!fs::exists(script_path)) {
+ std::cerr << "cfws: Script not found: " << script_path << std::endl;
+ exit(1);
+ }
+
+ if (access(script_path.c_str(), X_OK)) {
+ std::cerr << "cfws: Script does not have execute permissions: " << script_path << std::endl;
+ exit(1);
+ }
+}
diff --git a/src/CGIScript.h b/src/CGIScript.h
index a3e40fd..3ac00d9 100644
--- a/src/CGIScript.h
+++ b/src/CGIScript.h
@@ -14,6 +14,8 @@ public:
 std::string read_output();
+ static void validate_path(const std::string& path);
+
 private:
 FILE* m_pipe {};
 const std::string& m_script_path;
diff --git a/src/main.cpp b/src/main.cpp
index 89a8139..ee7c673 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -3,6 +3,7 @@
 #include
 #include
 #include
+#include
 #include "CGIScript.h"
 #include "ClientConnection.h"
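Review bot: In the new `CGIScript::validate_path` in src/CGIScript.cpp, a directory passes both checks, because `fs::exists` is true for any file type and `access(..., X_OK)` succeeds on a directory the user may search. Testing for a regular file closes that gap, and the `std::error_code` overload avoids an uncaught `std::filesystem::filesystem_error` when the status query itself fails: `std::error_code ec; if (!fs::is_regular_file(script_path, ec)) {`. `access()` also answers for the real user ID rather than the effective one, so if the server ever runs with changed privileges the result can differ from what the later execution sees.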
@@ -115,6 +116,11 @@ int main(int argc, char** argv)
 }
 }
+ // Check the script path to ensure that it is a valid executable
+ // script before attempting to start the server.
+ if (in_cgi_mode)
+ CGIScript::validate_path(cgi_program_name);
+
 ServerConnection server(port);
 std::cout << "Serving a " << (in_cgi_mode ? "CGI script" : "directory") << " on port " << port << std::endl;
--
cgit v1.2.3
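Review bot: The comment above the `validate_path` call reads as if the script is known to be executable once the server is up, but the check runs only once and the file can be replaced, removed or lose its execute bit before a request runs it. I would word it as a startup sanity check, for example `// Startup sanity check only; the script can still change before it is run, so execution must handle failure too.` The call can also end the process through the `exit(1)` inside `validate_path`, which is easy to miss when reading `main`; returning a bool and letting `main` return 1 would keep the exit visible here. `main` starts and ends outside this hunk, so how `cgi_program_name` is executed later is not visible.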