Restrict path access to prevent path traversal in secure coding example
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Security Advisory | Fix Released | Medium | Jeremy Stanley | |
Bug Description
This bug tracker is for errors with the documentation; use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes:
- [X] This doc is inaccurate in this way: ______
- [ ] This is a doc addition request.
- [X] I have a fix to the document that I can paste below including example: input and output.
If you have a troubleshooting or support issue, use the following resources:
- The mailing list: https:/
- IRC: 'openstack' channel on Freenode
-------
Release: 0.0.1.dev228 on 2021-01-21 16:53:50
SHA: d4785ae6fdb8b9f
Source: https:/
URL: https:/
is_safe_path function throws TypeError: expected str, bytes or os.PathLike object, not bool
It likely should either be written as...
def is_safe_
    # resolves symbolic links
    if follow_symlinks:
        return os.path.
    else:
        return os.path.
or...
def is_safe_
    # resolves symbolic links
    if follow_symlinks:
        matchpath = os.path.
    else:
        matchpath = os.path.
    return basedir == os.path.
summary:
- Restrict path access to prevent path traversal in OpenStack Security Advisories
+ Restrict path access to prevent path traversal in secure coding example
Thanks, you're right that example is definitely broken. I rewrote it in an attempt to address bug 1815422, but for some reason I decided to return something other than a bool in the rewrite. I'll work on an alternative to get it back to what the goal of the original example was.
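A containment check that returns a bool on every path through the function, as an added example that is not the guideline's code or the code from this report. The argument order (basedir, path, follow_symlinks), the use of os.path.commonpath for the comparison, and the demo() helper are assumptions; the directory tree it builds is constructed sample data.

```python
import os
import tempfile


def is_safe_path(basedir, path, follow_symlinks=True):
    """Return True only if path resolves to basedir or something beneath it."""
    # Resolve the base the same way as the candidate so the two are comparable.
    if follow_symlinks:
        base = os.path.realpath(basedir)
        matchpath = os.path.realpath(os.path.join(base, path))
    else:
        base = os.path.abspath(basedir)
        matchpath = os.path.abspath(os.path.join(base, path))
    try:
        # commonpath compares whole components, so a sibling such as
        # "data-old" is not mistaken for a child of "data".
        return os.path.commonpath([base, matchpath]) == base
    except ValueError:
        # Raised on Windows when the paths are on different drives.
        return False


def demo():
    """Build a throwaway tree (constructed sample data) and classify paths."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "data")
        sibling = os.path.join(root, "data-old")
        os.mkdir(base)
        os.mkdir(sibling)
        secret = os.path.join(sibling, "secret.txt")
        open(secret, "w").close()
        open(os.path.join(base, "report.txt"), "w").close()
        os.symlink(secret, os.path.join(base, "link"))  # points outside base
        return {
            "inside": is_safe_path(base, "report.txt"),
            "dotdot": is_safe_path(base, "../data-old/secret.txt"),
            "absolute": is_safe_path(base, secret),
            "link_followed": is_safe_path(base, "link"),
            "link_not_followed": is_safe_path(base, "link", follow_symlinks=False),
        }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {allowed}")
```

With follow_symlinks=False the symlink inside the base directory is accepted even though it points outside it, which is why the resolving branch is the default here.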