def safejoin(root, subpath):
if not SAFENAME.match(subpath):
raise BadName("unsafe path name: %r" % subpath)
path = join(root, subpath)
if commonprefix([root + sep, path]) != root + sep:
raise BadName("invalid relative path: %r" % subpath)
return path
def safejoin(root, subpath):
"""Join root to subpath ensuring that the result is actually inside root
"""
root = realpath(root)
if not SAFENAME.match(subpath):
raise BadName(u"unsafe path name: %r" % subpath)
path = realpath(join(root, subpath))
if commonprefix([root + sep, path]) != root + sep:
raise BadName(u"invalid relative path: %r" % subpath)
return path
def safepath(path):
if (path.startswith(("/", ".")) or
"/../" in path or
path.endswith("/..") or
not SAFENAME.match(path)):
raise BadName("unsafe path name: %r" % path)
return path
def safejoin(root, subpath):
"""Join root to subpath ensuring that the result is actually inside root
"""
check_safe_key(subpath)
root = realpath(root)
path = realpath(join(root, subpath))
if commonprefix([root + sep, path]) != root + sep:
raise BadName("invalid relative path: %r" % subpath)
return path
def check_safe_key(key):
"""Perform some basic checks on a potential blob key
This method makes a best-effort attempt to verify that the key is
safe for all blob db backends. It will not necessarily detect all
unsafe keys.
:raises: BadName if key is unsafe.
"""
if (key.startswith(("/", ".")) or "/../" in key or key.endswith("/..")
or not SAFENAME.match(key)):
raise BadName("unsafe key: %r" % key)
