2013/2/13 Michele Tartara <[email protected]>:
> On Wed, Feb 13, 2013 at 11:23 AM, Michael Hanselmann <[email protected]>
>> > + return os.path.join(INSTANCE_REASON_DIR, instance_name)
>>
>> Now that I see this, I think you should put this function into
>> backend.py or utils/io.py. The reason is that you should use
>> utils.PathJoin. “os.path.join”'s behaviour when an argument is absolute
>> or contains slashes (os.path.join("/tmp", "/bin/ls")) is undesired. If
>> someone manages to inject an instance name with a slash the code might
>> end up overwriting a file outside of INSTANCE_REASON_DIR.
>
>
> Ok, I'll put it in backend.py.
> But then, why is GetLogFilename in pathutils.py?
> Is it because it does not receive parameters from the command line (but just
> from the source code) and so there is no security risk?

As it is the functions in pathutils are only called for runtime-static
paths. So only for paths not depending on a request. You are right
that if a log name would depend on something in a request, a more
strict version would be necessary.

Michael
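The os.path.join behaviour discussed in this thread, shown next to a strict join, as an added example that is not part of the original messages and is not the project's utils.PathJoin. The names strict_join, UnsafePathError and the two reason_filename_* functions are hypothetical, and the INSTANCE_REASON_DIR value is constructed.

```python
import os.path

# Constructed directory for this example; the real INSTANCE_REASON_DIR value
# is not shown in the thread.
INSTANCE_REASON_DIR = "/run/example/instance-reason"


class UnsafePathError(ValueError):
    """Raised when a joined path would not be a file below its root."""


def strict_join(root, *parts):
    """Hypothetical strict join: the result must stay below an absolute root."""
    if not os.path.isabs(root):
        raise UnsafePathError("root must be absolute: %r" % (root,))
    root = os.path.normpath(root)
    candidate = os.path.normpath(os.path.join(root, *parts))
    # commonpath compares whole components, so "/a/bc" is not below "/a/b"
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise UnsafePathError("%r escapes %r" % (parts, root))
    return candidate


def reason_filename_naive(instance_name):
    # The pattern from the quoted patch line
    return os.path.join(INSTANCE_REASON_DIR, instance_name)


def reason_filename_strict(instance_name):
    # Assumption: an instance name is a single path component
    if "/" in instance_name or instance_name in ("", ".", ".."):
        raise UnsafePathError("bad instance name: %r" % (instance_name,))
    return strict_join(INSTANCE_REASON_DIR, instance_name)


if __name__ == "__main__":
    for name in ("inst1.example.com", "/bin/ls", "../../etc/passwd"):
        print("naive :", name, "->", reason_filename_naive(name))
        try:
            print("strict:", name, "->", reason_filename_strict(name))
        except UnsafePathError as err:
            print("strict:", name, "-> rejected:", err)
```
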
