From 316262efe5c5ba2ff4771b907d6e7e240ce98026 Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba
Date: Mon, 31 Mar 2025 12:36:19 +0200
Subject: [PATCH] Sanitize all paths used inside writeDBConfig function

---
 server/database.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/database.js b/server/database.js
index 2bd83447b..c189af82d 100644
--- a/server/database.js
+++ b/server/database.js
@@ -183,6 +183,7 @@ class Database {
 }
 
 /**
+ * @throws The CA file must be a pem file
 * @typedef {string|undefined} envString
 * @param {{type: "sqlite"} | {type:envString, hostname:envString, port:envString, database:envString, username:envString, password:envString, caFilePath:envString}} dbConfig the database configuration that should be written
 * @returns {void}
@@ -191,10 +192,10 @@ class Database {
 // Move CA file to the data directory
 if (dbConfig.caFilePath) {
 const dataCaFilePath = path.resolve(Database.dataDir, "mariadb-ca.pem");
- if (!dbConfig.caFilePath.endsWith(".pem")) {
+ if (!path.resolve(dbConfig.caFilePath).endsWith(".pem")) {
 throw new Error("Invalid CA file, it must be a .pem file");
 }
- fs.renameSync(fs.realpathSync(dbConfig.caFilePath), dataCaFilePath);
+ fs.renameSync(fs.realpathSync(path.resolve(dbConfig.caFilePath)), path.resolve(dataCaFilePath));
 dbConfig.caFilePath = dataCaFilePath;
 dbConfig.ssl = undefined;
 dbConfig.caFile = undefined;
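Review bot: The added `@throws` tag carries no type and states a requirement instead of the condition that raises; `* @throws {Error} If caFilePath does not end in ".pem"` would read correctly in generated docs. It is also placed above `@typedef`, ahead of the type it relies on, and it does not mention that the `fs.realpathSync` and `fs.renameSync` calls in the body can throw for a missing or unmovable file. The comment block closes outside this hunk.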
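Review bot: Wrapping `dbConfig.caFilePath` in `path.resolve()` for the extension check and the `fs.renameSync` call only makes the path absolute; it does not limit which file may be named, and `path.resolve(dataCaFilePath)` is a no-op because that value already comes from `path.resolve`. The `.pem` test still runs on the name as given while the rename acts on the `fs.realpathSync` target, so a symlink whose name ends in `.pem` passes the check whatever it points to. Resolving once and testing the path that is actually moved closes that gap: `const caRealPath = fs.realpathSync(dbConfig.caFilePath);`, `if (path.extname(caRealPath) !== ".pem") {`, `fs.renameSync(caRealPath, dataCaFilePath);`. If the value can arrive from a request and not only from an operator, it should also be confined to an expected upload directory; that cannot be judged here because writeDBConfig starts and ends outside the hunk.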