Add check to prevent user-provided `dbConfig.caFilePath`.

server/setup-database.js

@@ -207,6 +207,11 @@ class SetupDatabase {
                         return;
                     }
 
+                    // Prevent someone from injecting a CA file path not generated by the code below
+                    if (dbConfig.caFilePath) {
+                        dbConfig.caFilePath = undefined;
+                    }
+
                     if (dbConfig.caFile) {
                         const base64Data = dbConfig.caFile.replace(/^data:application\/octet-stream;base64,/, "");
                         console.log(dbConfig);