Path traversal check

2025-05-04 20:30:39 +00:00 · 2021-10-26 15:41:14 -04:00 · 2021-10-26 15:41:14 -04:00 · a1244b9e3e
commit a1244b9e3e
parent d12c81b773
3 changed files with 24 additions and 5 deletions
--- a/app/security.py
+++ b/app/security.py
@ -0,0 +1,14 @@
+import os
+
+class SuspiciousFileOperation(Exception):
+    pass
+
+def path_traversal_check(unsafe_path, known_safe_path):
+    known_safe_path = os.path.abspath(known_safe_path)
+    unsafe_path = os.path.abspath(unsafe_path)
+
+    if (os.path.commonprefix([known_safe_path, unsafe_path]) != known_safe_path):
+        raise SuspiciousFileOperation("{} is not safe".format(unsafe_path))
+
+    # Passes the check
+    return unsafe_path