backup/pywb
1
0
Fork 0
mirror of https://github.com/webrecorder/pywb.git synced 2025-03-15 00:03:28 +01:00
Code Issues Projects Releases Activity

Try another validation approach

Browse Source
This commit is contained in:
Tessa Walsh 2024-11-05 11:13:02 -05:00
parent 6dcd1015da
commit fe2403f8b5
1 changed files with 6 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pywb/apps/static_handler.py
View File

@ -10,10 +10,6 @@ from pywb.apps.wbrequestresponse import WbResponse
from pywb.utils.wbexception import NotFoundException from pywb.utils.wbexception import NotFoundException
class PathValidationError(Exception):
"""Path validation exception"""
#================================================================= #=================================================================
# Static Content Handler # Static Content Handler
#================================================================= #=================================================================
@ -33,14 +29,12 @@ class StaticHandler(object):
# url = sanitize_filepath(url) # url = sanitize_filepath(url)
static_path_to_validate = None static_path_to_validate = None
full_path = None
full_path = environ.get('pywb.static_dir') full_path = environ.get('pywb.static_dir')
if full_path: if full_path:
static_path_to_validate = full_path static_path_to_validate = full_path
full_path = os.path.join(full_path, url) full_path = os.path.join(full_path, url)
if not os.path.isfile(full_path): if not os.path.isfile(full_path):
static_path_to_validate = None
full_path = None full_path = None
if not full_path: if not full_path:
@ -49,7 +43,7 @@ class StaticHandler(object):
try: try:
validate_requested_file_path(static_path_to_validate, full_path) validate_requested_file_path(static_path_to_validate, full_path)
except PathValidationError: except ValueError:
raise NotFoundException('Static File Not Found: ' + raise NotFoundException('Static File Not Found: ' +
url_str) url_str)
@ -87,12 +81,12 @@ class StaticHandler(object):
url_str) url_str)
def validate_requested_file_path(self, static_dir, requested_path): def validate_requested_file_path(self, static_dir, requested_path):
"""Validate that requested file path is within static dir""" """Validate that requested file path is within static dir.
static_dir = Path(static_dir)
requested_path = Path(requested_path)
if static_dir.resolve() not in requested_path.resolve().parents: Returns relative path starting from static_dir or raises ValueError if
raise PathValidationError('Requested path forbidden') requested path is not in the static directory.
"""
return Path(static_dir).joinpath(requested_path).resolve().relative_to(static_dir.resolve())