Docs: limited path traversal bug in example code on how to avoid path traversal
Bug #1815422 reported by Felix Kaiser
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Security Advisory | Fix Released | Low | Jeremy Stanley | |
Bug Description
Hi,
this seems to be a docs issue only, I did a *very* short search and couldn't find any affected OpenStack code, and anyway it's a minor bug and I hope I'm not too pedantic, but a bug is a bug.
https:/
```
In [1]: def is_safe_
   ...:     # resolves symbolic links
   ...:     if follow_symlinks:
   ...:         return os.path.
   ...:
   ...:     return os.path.
   ...:
In [2]: import os
In [3]: os.getcwd()
Out[3]: '/home/ad'
In [4]: is_safe_
Out[4]: True
```
That is odd, perhaps there is a paste error?
$ cat test.py
```
import os
def is_safe_path(basedir, path, follow_symlinks=True):
    # resolves symbolic links
    if follow_symlinks:
        return os.path.realpath(path).startswith(basedir)
    return os.path.abspath(path).startswith(basedir)
print(is_safe_path("/home/ad", "../admin/.ssh/id_rsa"))
```
```
$ python test.py
False
$ python -V
Python 3.7.3
```
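
An added example, not part of the original report, its comments, or the OpenStack docs: the prefix check quoted above beside a variant that compares whole path components with `os.path.commonpath`. The names `is_safe_path_prefix`, `is_safe_path_component` and `compare` and the sample paths are constructed for illustration; the demo passes `follow_symlinks=False` and absolute paths so the result does not depend on the local filesystem or working directory.

```python
import os


def is_safe_path_prefix(basedir, path, follow_symlinks=True):
    """The check quoted in this report: plain string-prefix comparison."""
    if follow_symlinks:
        return os.path.realpath(path).startswith(basedir)
    return os.path.abspath(path).startswith(basedir)


def is_safe_path_component(basedir, path, follow_symlinks=True):
    """Hypothetical variant: path must equal basedir or lie beneath it."""
    resolve = os.path.realpath if follow_symlinks else os.path.abspath
    base = resolve(basedir)
    target = resolve(path)
    try:
        # commonpath() works on whole components, so "/home/ad" is not
        # treated as a parent of "/home/admin".
        return os.path.commonpath([base, target]) == base
    except ValueError:
        # Raised e.g. for paths on different Windows drives.
        return False


# Constructed sample input; absolute paths keep the result independent of cwd.
BASEDIR = "/home/ad"
SAMPLES = [
    "/home/ad/notes.txt",
    "/home/ad",
    "/home/ad/../admin/.ssh/id_rsa",
    "/etc/passwd",
]


def compare(basedir=BASEDIR, samples=SAMPLES):
    """Return (path, prefix_result, component_result) for each sample."""
    return [
        (p,
         is_safe_path_prefix(basedir, p, follow_symlinks=False),
         is_safe_path_component(basedir, p, follow_symlinks=False))
        for p in samples
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Only the third sample differs between the two checks: it normalizes to a sibling directory whose name merely begins with the base directory's name.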