Handle excessively long paths
This commit is contained in:
parent
52d72eb554
commit
31fa3694ea
2 changed files with 14 additions and 4 deletions
|
@ -55,3 +55,9 @@ def test_path_traversal_404s(rf):
|
||||||
request = rf.get('/about/../../../conservancy-website.sqlite3')
|
request = rf.get('/about/../../../conservancy-website.sqlite3')
|
||||||
with pytest.raises(Http404):
|
with pytest.raises(Http404):
|
||||||
views.content(request)
|
views.content(request)
|
||||||
|
|
||||||
|
|
||||||
|
def test_long_path_404s(rf):
|
||||||
|
request = rf.get('x' * 1000)
|
||||||
|
with pytest.raises(Http404):
|
||||||
|
views.content(request)
|
||||||
|
|
|
@ -52,11 +52,15 @@ def content(request, *args, **kwargs):
|
||||||
path += 'index.html'
|
path += 'index.html'
|
||||||
full_path = (base_path / path).resolve()
|
full_path = (base_path / path).resolve()
|
||||||
safe_from_path_traversal = full_path.is_relative_to(base_path)
|
safe_from_path_traversal = full_path.is_relative_to(base_path)
|
||||||
|
try:
|
||||||
if full_path.is_dir():
|
if full_path.is_dir():
|
||||||
# Should have been accessed with a trailing slash.
|
# Should have been accessed with a trailing slash.
|
||||||
return HttpResponseRedirect(request.path + '/')
|
return HttpResponseRedirect(request.path + '/')
|
||||||
elif not full_path.exists() or not safe_from_path_traversal:
|
elif not full_path.exists() or not safe_from_path_traversal:
|
||||||
raise Http404()
|
raise Http404()
|
||||||
|
except OSError:
|
||||||
|
# eg. path is too long
|
||||||
|
raise Http404()
|
||||||
is_template = mimetypes.guess_type(full_path)[0] == 'text/html'
|
is_template = mimetypes.guess_type(full_path)[0] == 'text/html'
|
||||||
if not is_template:
|
if not is_template:
|
||||||
return FileResponse(open(full_path, 'rb'))
|
return FileResponse(open(full_path, 'rb'))
|
||||||
|
|
Loading…
Reference in a new issue