def get_l10n(session, tid, lang):
    """
    Transaction returning the texts of a language with the custom texts applied on top

    :param session: An ORM session
    :param tid: The ID of the tenant for which the lookup is performed
    :param lang: The requested language
    :return: A dictionary with the texts of the language file, updated with the
             custom texts configured for that language
    """
    # A tenant other than 1 whose 'mode' setting is not 'default' is served
    # the custom texts stored for tenant 1.
    if tid != 1 and ConfigFactory(session, tid).get_val('mode') != 'default':
        tid = 1

    # The requested language ends up in a filesystem path, so the path is
    # validated against the client directory before anything reads it.
    # (directory_traversal_check is defined elsewhere; presumably it raises
    # when the path falls outside Settings.client_path.)
    lang_path = langfile_path(lang)
    directory_traversal_check(Settings.client_path, lang_path)

    row = session.query(models.CustomTexts) \
                 .filter(models.CustomTexts.lang == lang,
                         models.CustomTexts.tid == tid) \
                 .one_or_none()
    overrides = {} if row is None else row.texts

    # Custom texts win over the entries shipped in the language file.
    merged = read_json_file(lang_path)
    merged.update(overrides)
    return merged
def delete(self, id):
    """
    Remove a stored file from disk and delete its database record

    Written as a generator: intermediate results are obtained with ``yield``
    and the final result is handed back through ``returnValue``.

    :param id: The identifier of the file; it is also the file name under files_path
    :return: The result of models.delete() for the matching File record
    """
    yield self.permission_check(id)

    files_dir = self.state.settings.files_path
    target = os.path.join(files_dir, id)

    # id comes in as an argument and is used as a path component, so the
    # joined path is validated against files_dir before any filesystem call.
    # (The check is defined elsewhere; presumably it raises on a path that
    # is not inside files_dir.)
    directory_traversal_check(files_dir, target)

    # The file on disk goes first; the record is deleted afterwards and is
    # scoped to the tenant of the current request.
    if os.path.exists(target):
        os.remove(target)

    outcome = yield models.delete(models.File,
                                  models.File.tid == self.request.tid,
                                  models.File.id == id)
    returnValue(outcome)
def delete_file(session, tid, id_or_name):
    """
    Delete a file from disk and remove its record through the session

    :param session: An ORM session
    :param tid: The ID of the tenant owning the file
    :param id_or_name: The id or the name used to look the file up
    :return: None when no matching file is found, otherwise the result of session.delete()
    """
    record = db_get_file_by_id_or_name(session, tid, id_or_name)
    if not record:
        return

    base_dir = State.settings.files_path

    # The on-disk name is the id of the record that was found, not the raw
    # id_or_name argument. The joined path is still validated against the
    # files directory before it is touched (the check is defined elsewhere;
    # presumably it raises for a path outside base_dir).
    target = os.path.join(base_dir, record.id)
    directory_traversal_check(base_dir, target)

    if os.path.exists(target):
        os.remove(target)

    return session.delete(record)
def get(self, filename):
    """
    Serve a regular file located under self.root

    :param filename: The requested path relative to self.root; an empty value selects 'index.html'
    :return: The result of self.write_file() for the resolved file
    :raises errors.ResourceNotFound: when the resolved path is not an existing regular file
    """
    filename = filename or 'index.html'

    # abspath() collapses '..' segments so that the check sees the final
    # location. It does not resolve symbolic links.
    # NOTE(review): whether directory_traversal_check resolves symlinks is
    # not visible here - confirm if self.root may contain links.
    target = os.path.abspath(os.path.join(self.root, filename))
    directory_traversal_check(self.root, target)

    # isfile() is False for missing paths and for directories alike.
    if not os.path.isfile(target):
        raise errors.ResourceNotFound()

    return self.write_file(filename, target)
def get(self, rfile_id):
    """
    Send a stored attachment to the current user as a download

    Written as a generator: every asynchronous step is awaited with ``yield``.

    :param rfile_id: The identifier passed to self.download_rfile() to look the file up
    """
    rfile, tip_prv_key = yield self.download_rfile(self.request.tid,
                                                   self.current_user.user_id,
                                                   rfile_id)

    attachments_dir = Settings.attachments_path

    # The stored file name comes from the record returned by download_rfile().
    # The joined path is validated against the attachments directory before
    # the file is opened (the check is defined elsewhere; presumably it
    # raises for a path outside attachments_dir).
    filelocation = os.path.join(attachments_dir, rfile['filename'])
    directory_traversal_check(attachments_dir, filelocation)

    # No key returned with the record: the file is sent as stored on disk.
    if not tip_prv_key:
        yield self.write_file_as_download(rfile['name'], filelocation)
        return

    # A key was returned: it is first decrypted with the current user's cc,
    # then used to open the file through the 'DECRYPT' streaming object.
    tip_prv_key = GCE.asymmetric_decrypt(self.current_user.cc, tip_prv_key)
    fo = GCE.streaming_encryption_open('DECRYPT', tip_prv_key, filelocation)
    yield self.write_file_as_download_fo(rfile['name'], fo)
def get(self, filename):
    """
    Serve a file located under self.root, preferring its '.gz' sibling when one exists

    :param filename: The requested path relative to self.root; an empty value selects 'index.html'
    :return: The result of self.write_file() for the '.gz' variant if present, else for the plain file
    :raises errors.ResourceNotFound: when neither candidate is an existing regular file
    """
    filename = filename or 'index.html'

    # abspath() collapses '..' segments so that the check sees the final
    # location. It does not resolve symbolic links.
    target = os.path.abspath(os.path.join(self.root, filename))
    directory_traversal_check(self.root, target)

    # NOTE(review): only `target` is validated; the '.gz' candidate is built
    # afterwards by appending a suffix. If `target` can be self.root itself,
    # the suffixed path is a sibling of the root rather than a child of it -
    # confirm that the check or the routing rules that case out.
    gz_target = target + '.gz'

    # isfile() is False for missing paths and for directories alike.
    if os.path.isfile(gz_target):
        return self.write_file(filename + '.gz', gz_target)

    if os.path.isfile(target):
        return self.write_file(filename, target)

    raise errors.ResourceNotFound()
def get_l10n(session, tid, lang):
    """
    Return the texts of a language with the custom texts applied on top

    :param session: An ORM session
    :param tid: The ID of the tenant for which the lookup is performed
    :param lang: The requested language
    :return: A dictionary with the texts of the language file, updated with the
             custom texts stored for that language
    :raises errors.ResourceNotFound: when no language file exists for lang
    """
    # The 'mode' setting is read from tenant 1: when it is 'whistleblowing.it'
    # every other tenant is served the custom texts of tenant 1.
    if tid != 1 and ConfigFactory(session, 1).get_val(u'mode') == u'whistleblowing.it':
        tid = 1

    # The requested language ends up in a filesystem path, so the path is
    # validated against the client directory before the existence test and
    # the read. (The check is defined elsewhere; presumably it raises when
    # the path falls outside Settings.client_path.)
    lang_path = langfile_path(lang)
    directory_traversal_check(Settings.client_path, lang_path)

    if not os.path.exists(lang_path):
        raise errors.ResourceNotFound()

    merged = read_json_file(lang_path)

    row = session.query(models.CustomTexts) \
                 .filter(models.CustomTexts.lang == lang,
                         models.CustomTexts.tid == tid) \
                 .one_or_none()
    overrides = {} if row is None else row.texts

    # Custom texts win over the entries shipped in the language file.
    merged.update(overrides)
    return merged
def test_directory_traversal_check_allowed(self):
    """A path directly under files_path must pass the check"""
    inside_path = os.path.join(Settings.files_path, "valid.txt")

    # No assertion is needed: the test fails if the call raises.
    # This covers the accepting side only; a path that leaves files_path
    # needs its own test to pin the rejecting side.
    directory_traversal_check(Settings.files_path, inside_path)
def test_directory_traversal_check_allowed(self):
    """A path directly under files_path must pass fs.directory_traversal_check"""
    inside_path = os.path.join(Settings.files_path, "valid.txt")

    # No assertion is needed: the test fails if the call raises.
    # This covers the accepting side only; a path that leaves files_path
    # needs its own test to pin the rejecting side.
    fs.directory_traversal_check(Settings.files_path, inside_path)