From 35cfd9b257719c42cd2e24d156c051a00ee7428e Mon Sep 17 00:00:00 2001
From: Gabriel Ngandu-Biseba <gabriel.ngandu-biseba@tucrail.be>
Date: Mon, 31 Mar 2025 12:25:28 +0200
Subject: [PATCH] Use path.resolve instead of path.join in order to normalize
 the path.

Also check if the uploaded file is a .pem
---
 server/database.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/server/database.js b/server/database.js
index 44005d6e9..c324171ff 100644
--- a/server/database.js
+++ b/server/database.js
@@ -190,8 +190,11 @@ class Database {
     static writeDBConfig(dbConfig) {
         // Move CA file to the data directory
         if (dbConfig.caFilePath) {
-            const dataCaFilePath = path.join(Database.dataDir, "mariadb-ca.pem");
-            fs.renameSync(dbConfig.caFilePath, dataCaFilePath);
+            const dataCaFilePath = path.resolve(Database.dataDir, "mariadb-ca.pem");
+            if (!dbConfig.caFilePath.endsWith(".pem")) {
+                throw new Error("Invalid CA file, it must be a .pem file");
+            }
+            fs.renameSync(fs.realpathSync(dbConfig.caFilePath), dataCaFilePath);
             dbConfig.caFilePath = dataCaFilePath;
             dbConfig.ssl = undefined;
             dbConfig.caFile = undefined;