mirror of
https://github.com/GNS3/gns3-server
synced 2024-11-18 06:18:08 +00:00
Change method to prevent forbidden directory traversal. Fixes #1894
This commit is contained in:
parent
3a479d7ea6
commit
6847e19847
@ -470,7 +470,8 @@ class DynamipsVMHandler:
|
||||
async def upload_image(request, response):
|
||||
|
||||
dynamips_manager = Dynamips.instance()
|
||||
await dynamips_manager.write_image(request.match_info["filename"], request.content)
|
||||
filename = os.path.normpath(request.match_info["filename"])
|
||||
await dynamips_manager.write_image(filename, request.content)
|
||||
response.set_status(204)
|
||||
|
||||
@Route.get(
|
||||
@ -485,7 +486,7 @@ class DynamipsVMHandler:
|
||||
description="Download a Dynamips IOS image")
|
||||
async def download_image(request, response):
|
||||
|
||||
filename = request.match_info["filename"]
|
||||
filename = os.path.normpath(request.match_info["filename"])
|
||||
|
||||
# Raise error if user try to escape
|
||||
if filename[0] == "." or os.path.sep in filename:
|
||||
|
@ -428,7 +428,8 @@ class IOUHandler:
|
||||
async def upload_image(request, response):
|
||||
|
||||
iou_manager = IOU.instance()
|
||||
await iou_manager.write_image(request.match_info["filename"], request.content)
|
||||
filename = os.path.normpath(request.match_info["filename"])
|
||||
await iou_manager.write_image(filename, request.content)
|
||||
response.set_status(204)
|
||||
|
||||
|
||||
@ -444,7 +445,7 @@ class IOUHandler:
|
||||
description="Download an IOU image")
|
||||
async def download_image(request, response):
|
||||
|
||||
filename = request.match_info["filename"]
|
||||
filename = os.path.normpath(request.match_info["filename"])
|
||||
|
||||
# Raise error if user try to escape
|
||||
if filename[0] == "." or os.path.sep in filename:
|
||||
|
@ -552,7 +552,8 @@ class QEMUHandler:
|
||||
async def upload_image(request, response):
|
||||
|
||||
qemu_manager = Qemu.instance()
|
||||
await qemu_manager.write_image(request.match_info["filename"], request.content)
|
||||
filename = os.path.normpath(request.match_info["filename"])
|
||||
await qemu_manager.write_image(filename, request.content)
|
||||
response.set_status(204)
|
||||
|
||||
@Route.get(
|
||||
@ -567,7 +568,7 @@ class QEMUHandler:
|
||||
description="Download Qemu image")
|
||||
async def download_image(request, response):
|
||||
|
||||
filename = request.match_info["filename"]
|
||||
filename = os.path.normpath(request.match_info["filename"])
|
||||
|
||||
# Raise error if user try to escape
|
||||
if filename[0] == "." or os.path.sep in filename:
|
||||
|
@ -17,6 +17,7 @@
|
||||
|
||||
import os
|
||||
import aiohttp
|
||||
from pathlib import Path
|
||||
|
||||
from ..config import Config
|
||||
|
||||
@ -37,15 +38,14 @@ def get_default_project_directory():
|
||||
return path
|
||||
|
||||
|
||||
def is_safe_path(file_path, directory):
|
||||
def is_safe_path(file_path: str, basedir: str) -> bool:
|
||||
"""
|
||||
Check that file path is safe.
|
||||
(the file is stored inside directory or one of its sub-directory)
|
||||
"""
|
||||
|
||||
requested_path = os.path.abspath(file_path)
|
||||
common_prefix = os.path.commonprefix([requested_path, directory])
|
||||
return common_prefix != directory
|
||||
test_path = (Path(basedir) / file_path).resolve()
|
||||
return Path(basedir).resolve() in test_path.resolve().parents
|
||||
|
||||
|
||||
def check_path_allowed(path):
|
||||
|
Loading…
Reference in New Issue
Block a user