Почетна Преглед Помоћ
Пријавите се
mirrors
/
Radicale
огледало од https://github.com/Kozea/Radicale
1
0
Креирај огранак 0
Датотеке Дискусије 0 Вики
Дрво: bcaf452e51
Гране Ознаке
Radicale
/
radicale
/
pathutils.py

pathutils.py 2.3 KB
Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. # -*- coding: utf-8 -*-
    2. 

  2. #
    3. 

  3. # This file is part of Radicale Server - Calendar Server
    4. 

  4. #
    5. 

  5. # This library is free software: you can redistribute it and/or modify
    6. 

  6. # it under the terms of the GNU General Public License as published by
    7. 

  7. # the Free Software Foundation, either version 3 of the License, or
    8. 

  8. # (at your option) any later version.
    9. 

  9. #
    10. 

  10. # This library is distributed in the hope that it will be useful,
    11. 

  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13. # GNU General Public License for more details.
    14. 

  14. #
    15. 

  15. # You should have received a copy of the GNU General Public License
    16. 

  16. # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17. 

  18. """
    19. 

  19. Helper functions for working with paths
    20. 

  20. 

  21. """
    22. 

  22. 

  23. import os
    24. 

  24. import posixpath
    25. 

  25. 

  26. from . import log
    27. 

  27. 

  28. 

  29. def sanitize_path(path):
    30. 

  30.     """Make absolute (with leading slash) to prevent access to other data.
    31. 

  31.        Preserves an potential trailing slash."""
    32. 

  32.     trailing_slash = "/" if path.endswith("/") else ""
    33. 

  33.     path = posixpath.normpath(path)
    34. 

  34.     new_path = "/"
    35. 

  35.     for part in path.split("/"):
    36. 

  36.         if not part or part in (".", ".."):
    37. 

  37.             continue
    38. 

  38.         new_path = posixpath.join(new_path, part)
    39. 

  39.     trailing_slash = "" if new_path.endswith("/") else trailing_slash
    40. 

  40.     return new_path + trailing_slash
    41. 

  41. 

  42. 

  43. def is_safe_filesystem_path_component(path):
    44. 

  44.     """Checks if path is a single component of a local filesystem path
    45. 

  45.        and is safe to join"""
    46. 

  46.     if not path:
    47. 

  47.         return False
    48. 

  48.     drive, _ = os.path.splitdrive(path)
    49. 

  49.     if drive:
    50. 

  50.         return False
    51. 

  51.     head, _ = os.path.split(path)
    52. 

  52.     if head:
    53. 

  53.         return False
    54. 

  54.     if path in (os.curdir, os.pardir):
    55. 

  55.         return False
    56. 

  56.     return True
    57. 

  57. 

  58. 

  59. def path_to_filesystem(path, base_folder):
    60. 

  60.     """Converts path to a local filesystem path relative to base_folder
    61. 

  61.         in a secure manner or raises ValueError."""
    62. 

  62.     sane_path = sanitize_path(path).strip("/")
    63. 

  63.     safe_path = base_folder
    64. 

  64.     if not sane_path:
    65. 

  65.         return safe_path
    66. 

  66.     for part in sane_path.split("/"):
    67. 

  67.         if not is_safe_filesystem_path_component(part):
    68. 

  68.             log.LOGGER.debug("Can't translate path safely to filesystem: %s",
    69. 

  69.                              path)
    70. 

  70.             raise ValueError("Unsafe path")
    71. 

  71.         safe_path = os.path.join(safe_path, part)
    72. 

  72.     return safe_path
    73.