Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Prevent directory traversion with static files #2495

Merged
merged 15 commits into from
Jul 28, 2022
Merged

Prevent directory traversion with static files #2495

merged 15 commits into from
Jul 28, 2022

Conversation

prryplatypus
Copy link
Member

Fixes #2478 and (maybe?) #2477

@codecov
Copy link

codecov bot commented Jul 10, 2022
edited
Loading

Codecov Report

Merging #2495 (b57dca3) into main (312ab29) will increase coverage by 0.038%.
The diff coverage is 88.888%.

@@              Coverage Diff              @@
##              main     #2495       +/-   ##
=============================================
+ Coverage   87.396%   87.434%   +0.038%     
=============================================
  Files           69        69               
  Lines         5554      5555        +1     
  Branches       966       966               
=============================================
+ Hits          4854      4857        +3     
+ Misses         508       507        -1     
+ Partials       192       191        -1
Impacted Files Coverage Δ
sanic/mixins/routes.py 93.574% <88.888%> (+0.832%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 312ab29...b57dca3. Read the comment docs.

Tronic
Tronic reviewed Jul 18, 2022
View reviewed changes
sanic/mixins/routes.py Outdated Show resolved Hide resolved
@ahopkins ahopkins marked this pull request as ready for review July 26, 2022 20:10
@ahopkins ahopkins requested a review from a team as a code owner July 26, 2022 20:10
@ChihweiLHBird
Copy link
Member

ChihweiLHBird commented Jul 26, 2022
edited
Loading

Should we consider use async file APIs (aiofiles or trio) in this module?

Update:
Never mind, these async file APIs doesn't do the operation we have in this module.

ChihweiLHBird
ChihweiLHBird previously approved these changes Jul 27, 2022
View reviewed changes
@ChihweiLHBird ChihweiLHBird requested review from ahopkins and Tronic July 27, 2022 06:45
@ChihweiLHBird ChihweiLHBird requested a review from ahopkins July 28, 2022 05:59
@ahopkins ahopkins merged commit 9d415e4 into main Jul 28, 2022
@ahopkins ahopkins deleted the prry/2478-path-traversal branch July 28, 2022 06:45
ahopkins added a commit that referenced this pull request Jul 28, 2022
@prryplatypus @ahopkins @ChihweiLHBird
Prevent directory traversion with static files (#2495)
acb6ff3 
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
Co-authored-by: Zhiwei Liang <zhi.wei.liang@outlook.com>
@ahopkins ahopkins mentioned this pull request Jul 28, 2022
Merged
ahopkins added a commit that referenced this pull request Jul 31, 2022
@prryplatypus @ahopkins @ChihweiLHBird
Prevent directory traversion with static files (#2495)
a7182ad 
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
Co-authored-by: Zhiwei Liang <zhi.wei.liang@outlook.com>
ahopkins added a commit that referenced this pull request Jul 31, 2022
@prryplatypus @ahopkins @ChihweiLHBird
Prevent directory traversion with static files (#2495)
e54ac3c 
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
Co-authored-by: Zhiwei Liang <zhi.wei.liang@outlook.com>
ahopkins added a commit that referenced this pull request Jul 31, 2022
@prryplatypus @ahopkins @ChihweiLHBird
Prevent directory traversion with static files (#2495)
ee6d8cf 
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
Co-authored-by: Zhiwei Liang <zhi.wei.liang@outlook.com>
ahopkins added a commit that referenced this pull request Jul 31, 2022
@ahopkins @ChihweiLHBird @prryplatypus
MERGEBACK (#2495) (#2512)
9cf38a0 
Co-authored-by: Adam Hopkins <adam@amhopkins.com>
Co-authored-by: Zhiwei Liang <zhi.wei.liang@outlook.com>
Co-authored-by: Néstor Pérez <25409753+prryplatypus@users.noreply.github.com>
@GoVulnBot GoVulnBot mentioned this pull request Aug 1, 2022
Closed
@jba jba mentioned this pull request Aug 1, 2022
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@ChihweiLHBird ChihweiLHBird ChihweiLHBird approved these changes

@Tronic Tronic Awaiting requested review from Tronic

@ahopkins ahopkins Awaiting requested review from ahopkins

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sanic static handler allows parent ".." directory traversal
4 participants
@prryplatypus @ChihweiLHBird @Tronic @ahopkins