author | Ted Kremenek <kremenek@apple.com> | 2012-10-12 19:16:31 +0000 |
---|---|---|
committer | Ted Kremenek <kremenek@apple.com> | 2012-10-12 19:16:31 +0000 |
commit | 44cbe67dc0e0a35c5369689710a25603ba67356f (patch) | |
tree | 2725b7683a870fdf9b4b89d3e9012a0dfd708af3 /tools | |
parent | 47fcbba7c8f621535ed7fa632327264c1c0b84f0 (diff) | |
download | clang-44cbe67dc0e0a35c5369689710a25603ba67356f.tar.gz |
Have scan-view guard against serving up pages outside the root directory.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165815 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'tools')
-rw-r--r-- | tools/scan-view/ScanView.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tools/scan-view/ScanView.py b/tools/scan-view/ScanView.py
index c6dddba6a7..3e03f1a6a3 100644
--- a/tools/scan-view/ScanView.py
+++ b/tools/scan-view/ScanView.py
@@ -707,6 +707,11 @@ File Bug</h3>
 return None
 
 def send_path(self, path):
+ # If the requested path is outside the root directory, do not open it
+ rel = os.path.relpath(path, self.server.root)
+ if rel.startswith(os.pardir + os.sep):
+ return self.send_404()
+
 ctype = self.guess_type(path)
 if ctype.startswith('text/'):
 # Patch file instead |
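Review bot: The containment check added to send_path is purely lexical and misses two cases: `os.path.relpath` does not resolve symlinks, so a link inside the root that points elsewhere still passes, and a path that is exactly the parent directory yields `..`, which does not start with `os.pardir + os.sep`. Resolving both sides first and testing the bare parent as well closes both gaps: `rel = os.path.relpath(os.path.realpath(path), os.path.realpath(self.server.root))` followed by `if rel == os.pardir or rel.startswith(os.pardir + os.sep):`. On Windows `relpath` raises ValueError when the two paths are on different drives, so that case probably wants to end in `send_404()` as well rather than an unhandled exception. How `path` is derived from the request is outside this hunk, as is the rest of send_path, so whether it is already normalised before reaching this check should be confirmed.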