ensuring that the files that are written to are

always within the path, preventing any write outside
Karma Riuk
2025-06-09 21:09:16 +02:00
parent 59b2fbb32e
commit a9e06ec694
2 changed files with 17 additions and 3 deletions


@ -20,7 +20,7 @@ class BuildHandler(ABC):
def __init__(self, repo_path: str, build_file: str, updates: dict) -> None:
super().__init__()
self.path: str = repo_path
self.path: str = os.path.abspath(repo_path)
self.build_file: str = build_file
self.updates = updates
@ -158,7 +158,11 @@ class BuildHandler(ABC):
def inject_changes(self, changes: dict[str, str]):
for file_path, change in changes.items():
full_path = os.path.join(self.path, file_path)
full_path = os.path.abspath(os.path.join(self.path, file_path))
assert (
os.path.commonpath([self.path, full_path]) != self.path
), "Attempting to write to a file outside the repo. This is not allowed"
print(f"[INFO] Writing change to {full_path}")
dirname = os.path.dirname(full_path)
if not os.path.exists(dirname):
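Review bot: The new assert in inject_changes has its comparison inverted: `os.path.commonpath([self.path, full_path]) != self.path` is true only when full_path lies outside the repo, so as written it would abort in-repo writes and let out-of-repo ones through. Because `assert` is also stripped under `python -O`, the guard is better as an explicit check: `if os.path.commonpath([self.path, full_path]) != self.path:` followed by `raise ValueError("Attempting to write to a file outside the repo. This is not allowed")`. `os.path.abspath` collapses `..` but does not resolve symlinks, so if the repository contents are untrusted, using `os.path.realpath` for both self.path (in `__init__`) and full_path would close that gap. inject_changes continues past the end of the hunk, so the write itself is not visible here.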