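def safejoin(root, subpath):
    """Join ``subpath`` onto ``root`` and refuse results outside ``root``.

    The containment test runs on resolved paths. ``join`` keeps ``..``
    segments verbatim, so a prefix test on the raw joined string only
    rejects an absolute ``subpath`` and lets ``root/../other`` through.

    The returned value is still the plain ``join(root, subpath)`` string;
    only the check uses the resolved form. A ``subpath`` that resolves to
    ``root`` itself is rejected as well.

    :raises: BadName if ``subpath`` fails ``SAFENAME`` or resolves to a
        location that is not below ``root``.
    """
    # Function-scope import: the file's import block is not visible from
    # this listing, so bring the one new name into scope locally.
    from os.path import realpath

    if not SAFENAME.match(subpath):
        raise BadName("unsafe path name: %r" % subpath)
    path = join(root, subpath)
    # The trailing separator keeps a sibling directory whose name merely
    # starts with root's name from passing the prefix comparison.
    base = realpath(root) + sep
    if commonprefix([base, realpath(path)]) != base:
        raise BadName("invalid relative path: %r" % subpath)
    return path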
def safejoin(root, subpath):
    """Return ``subpath`` joined onto ``root`` as a resolved path.

    Both the root and the joined result go through ``realpath`` before the
    containment test, so the comparison is made on resolved paths rather
    than on the raw joined string.

    :raises: BadName if ``subpath`` fails ``SAFENAME`` or the resolved path
        is not below the resolved root.
    """
    resolved_root = realpath(root)
    if not SAFENAME.match(subpath):
        raise BadName(u"unsafe path name: %r" % subpath)

    # Root plus separator is the prefix every accepted path must start with.
    required_prefix = resolved_root + sep
    candidate = realpath(join(resolved_root, subpath))
    if commonprefix([required_prefix, candidate]) == required_prefix:
        return candidate
    raise BadName(u"invalid relative path: %r" % subpath)
def safepath(path):
    """Return ``path`` unchanged when it passes the basic safety checks.

    A path is rejected when it starts with ``/`` or ``.``, contains
    ``/../``, ends with ``/..``, or does not match ``SAFENAME``.

    :raises: BadName if any of those checks fails.
    """
    # Accept-first form of the same tests, evaluated in the same order.
    if (
        not path.startswith(("/", "."))
        and "/../" not in path
        and not path.endswith("/..")
        and SAFENAME.match(path)
    ):
        return path
    raise BadName("unsafe path name: %r" % path)
def safejoin(root, subpath):
    """Validate ``subpath`` as a key, then join it onto ``root``.

    ``check_safe_key`` runs first. The root and the joined path are then
    resolved with ``realpath`` and the result must lie below the root.

    :raises: BadName if the key check fails or the resolved path is not
        below the resolved root.
    """
    check_safe_key(subpath)
    resolved_root = realpath(root)
    candidate = realpath(join(resolved_root, subpath))
    # Appending sep keeps a sibling such as root + "x" from passing the
    # prefix test.
    # NOTE(review): realpath reflects the filesystem at call time only.
    required_prefix = resolved_root + sep
    if commonprefix([required_prefix, candidate]) == required_prefix:
        return candidate
    raise BadName("invalid relative path: %r" % subpath)
def check_safe_key(key):
    """Run basic sanity checks on a candidate blob key.

    This is a best-effort check that the key is safe for all blob db
    backends; it will not necessarily detect every unsafe key.

    :raises: BadName if key is unsafe.
    """
    # Absolute or dot-leading keys, and keys with a parent-directory
    # segment, are refused before the SAFENAME pattern is consulted.
    traversal_like = (
        key.startswith(("/", "."))
        or "/../" in key
        or key.endswith("/..")
    )
    if traversal_like or not SAFENAME.match(key):
        raise BadName("unsafe key: %r" % key)