ensuring that the files that are written to are
always within the path, preventing any write outside
@ -20,7 +20,7 @@ class BuildHandler(ABC):
|
||||
|
||||
def __init__(self, repo_path: str, build_file: str, updates: dict) -> None:
|
||||
super().__init__()
|
||||
self.path: str = repo_path
|
||||
self.path: str = os.path.abspath(repo_path)
|
||||
self.build_file: str = build_file
|
||||
self.updates = updates
|
||||
|
||||
@ -158,7 +158,11 @@ class BuildHandler(ABC):
|
||||
|
||||
def inject_changes(self, changes: dict[str, str]):
|
||||
for file_path, change in changes.items():
|
||||
full_path = os.path.join(self.path, file_path)
|
||||
full_path = os.path.abspath(os.path.join(self.path, file_path))
|
||||
assert (
|
||||
os.path.commonpath([self.path, full_path]) != self.path
|
||||
), "Attempting to write to a file outside the repo. This is not allowed"
|
||||
|
||||
print(f"[INFO] Writing change to {full_path}")
|
||||
dirname = os.path.dirname(full_path)
|
||||
if not os.path.exists(dirname):
|
||||
|
@ -121,7 +121,17 @@ def evaluate_refinement(
|
||||
)
|
||||
continue
|
||||
|
||||
build_handler.inject_changes(changes)
|
||||
try:
|
||||
build_handler.inject_changes(changes)
|
||||
except Exception as e:
|
||||
results[id]["changes_injection"] = False
|
||||
results[id]["changes_injection_error_msg"] = str(e)
|
||||
print(
|
||||
f"[ERROR] {id} ({entry.metadata.repo} #PR {entry.metadata.pr_number}) {type(e)}: {e}",
|
||||
file=sys.stderr,
|
||||
)
|
||||
continue
|
||||
|
||||
current_progress += 1
|
||||
percent_cb(current_progress / total_number_of_steps * 100)
|
||||
|
||||
|
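Review bot: The `except Exception` around `build_handler.inject_changes(changes)` treats a rejected out-of-repo path the same as any ordinary I/O failure, and `str(e)` is copied verbatim into `results[id]["changes_injection_error_msg"]`. For an `OSError` that text contains the absolute server-side path, so if `results` is returned to the submitter (not visible in this hunk) it discloses filesystem layout. Consider a dedicated exception type for the path rejection, storing a fixed message per failure class in `results`, and keeping the detail only in the stderr log. Files already written by earlier iterations inside `inject_changes` appear to stay on disk when this branch hits `continue`; whether the repo is reset elsewhere cannot be seen here. The enclosing loop in `evaluate_refinement` starts and ends outside the hunk.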