mirror of
https://github.com/avatao-content/baseimage-tutorial-framework
synced 2024-12-23 04:01:56 +00:00
Implement directory whitelisting in webide
This commit is contained in:
parent
35421649c9
commit
b74ff39438
@ -1,7 +1,7 @@
|
||||
# Copyright (C) 2018 Avatao.com Innovative Learning Kft.
|
||||
# All Rights Reserved. See LICENSE file for details.
|
||||
|
||||
from os.path import isfile, join, relpath, exists, isdir
|
||||
from os.path import isfile, join, relpath, exists, isdir, realpath
|
||||
from glob import glob
|
||||
from fnmatch import fnmatchcase
|
||||
from collections import Iterable
|
||||
@ -13,9 +13,10 @@ from tfw.config.logs import logging
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class FileManager:
|
||||
def __init__(self, working_directory, selected_file=None, exclude=None):
|
||||
class FileManager: # pylint: disable=too-many-instance-attributes
|
||||
def __init__(self, working_directory, allowed_directories=None, selected_file=None, exclude=None):
|
||||
self._exclude, self.exclude = None, exclude
|
||||
self._allowed_directories, self.allowed_directories = None, allowed_directories
|
||||
self._workdir, self.workdir = None, working_directory
|
||||
self._filename, self.filename = None, selected_file or self.files[0]
|
||||
|
||||
@ -39,8 +40,19 @@ class FileManager:
|
||||
def workdir(self, directory):
|
||||
if not exists(directory) or not isdir(directory):
|
||||
raise EnvironmentError('"{}" is not a directory!'.format(directory))
|
||||
if self.allowed_directories:
|
||||
if realpath(directory) not in self._allowed_directories:
|
||||
raise EnvironmentError('Directory "{}" is not in whitelist!'.format(directory))
|
||||
self._workdir = directory
|
||||
|
||||
@property
|
||||
def allowed_directories(self):
|
||||
return self._allowed_directories
|
||||
|
||||
@allowed_directories.setter
|
||||
def allowed_directories(self, directories):
|
||||
self._allowed_directories = directories
|
||||
|
||||
@property
|
||||
def filename(self):
|
||||
return self._filename
|
||||
@ -75,9 +87,11 @@ class FileManager:
|
||||
|
||||
|
||||
class SourceCodeEventHandler(TriggerlessEventHandler):
|
||||
def __init__(self, key, directory, selected_file=None, exclude=None):
|
||||
# pylint: disable=too-many-arguments
|
||||
def __init__(self, key, directory, allowed_directories=None, selected_file=None, exclude=None):
|
||||
super().__init__(key)
|
||||
self.filemanager = FileManager(directory, selected_file=selected_file, exclude=exclude)
|
||||
self.filemanager = FileManager(allowed_directories=allowed_directories, working_directory=directory,
|
||||
selected_file=selected_file, exclude=exclude)
|
||||
|
||||
self.commands = {'read': self.read,
|
||||
'write': self.write,
|
||||
|
Loading…
Reference in New Issue
Block a user