From f80c506a954e52fa21525567b5bc35362c108cf1 Mon Sep 17 00:00:00 2001
From: uan <fspinardi08@gmail.com>
Date: Mon, 11 Aug 2025 14:28:16 +0200
Subject: [PATCH] added www directory permission checks to ensure it is
 readable by the executable

---
 go.mod              |  6 +++++-
 go.sum              |  4 ++++
 miniws/webserver.go | 13 ++++++++++++-
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index a239626..27a2403 100644
--- a/go.mod
+++ b/go.mod
@@ -4,4 +4,8 @@ go 1.24.5
 
 require github.com/akamensky/argparse v1.4.0
 
-require github.com/google/uuid v1.6.0 // indirect
+require (
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/wneessen/go-fileperm v0.2.1 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+)
diff --git a/go.sum b/go.sum
index 5d2e4af..fe202c5 100644
--- a/go.sum
+++ b/go.sum
@@ -2,3 +2,7 @@ github.com/akamensky/argparse v1.4.0 h1:YGzvsTqCvbEZhL8zZu2AiA5nq805NZh75JNj4ajn
 github.com/akamensky/argparse v1.4.0/go.mod h1:S5kwC7IuDcEr5VeXtGPRVZ5o/FdhcMlQz4IZQuw64xA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/wneessen/go-fileperm v0.2.1 h1:VNZT41b8HJDY5zUw4TbwPtfU1DuxZ3lcGH4dXlaZKis=
+github.com/wneessen/go-fileperm v0.2.1/go.mod h1:Isv0pfQJstXAlmGGJjLGqCK0Z6d1ehbbrsO2xmTRsKs=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
diff --git a/miniws/webserver.go b/miniws/webserver.go
index 5a296ac..f3ac1fc 100644
--- a/miniws/webserver.go
+++ b/miniws/webserver.go
@@ -11,6 +11,8 @@ import (
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/wneessen/go-fileperm"
 )
 
 const (
@@ -47,9 +49,18 @@ func NewWebServer(port_ int, logFolder_, configFolder_, wwwFolder_ string, maxLo
 
 func (ws *WebServer) Run() {
 
-	_, err := os.Stat(ws.wwwFolder)
+	_, err := os.Lstat(ws.wwwFolder)
 	if errors.Is(err, os.ErrNotExist) {
 		log.Fatalln("Fatal: www folder " + ws.wwwFolder + " does not exist")
+	} else if err != nil {
+		log.Fatalln("Fatal: " + err.Error())
+	}
+	perms, err := fileperm.New(ws.wwwFolder)
+	if err != nil {
+		log.Fatalln("Fatal: " + err.Error())
+	}
+	if !perms.UserReadable() {
+		log.Fatalln("Fatal: missing permissions to read www folder")
 	}
 
 	ws.ipFilterMode, ws.ipFilter = ws.parseFilterPanics(FILENAME_IPFILTER)