Awight has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/346229 )
Change subject: Protect against symlinks and ".." directory transversal ...................................................................... Protect against symlinks and ".." directory transversal Change-Id: I3010eb948e51c09ed7b18e94246b951aa4140634 --- M processcontrol/job_wrapper.py 1 file changed, 4 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/process-control refs/changes/29/346229/1 diff --git a/processcontrol/job_wrapper.py b/processcontrol/job_wrapper.py index 3ec58bf..f3c9ca2 100644 --- a/processcontrol/job_wrapper.py +++ b/processcontrol/job_wrapper.py @@ -37,6 +37,10 @@ def __init__(self, slug=None): self.global_config = config.GlobalConfiguration() self.config_path = job_path_for_slug(slug) + + # Validate that we're not allowing directory traversal. + assert os.path.dirname(os.path.realpath(self.config_path)) == os.path.abspath(self.global_config.get("job_directory")) + self.config = config.JobConfiguration(self.global_config, self.config_path) self.name = self.config.get("name") -- To view, visit https://gerrit.wikimedia.org/r/346229 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3010eb948e51c09ed7b18e94246b951aa4140634 Gerrit-PatchSet: 1 Gerrit-Project: wikimedia/fundraising/process-control Gerrit-Branch: master Gerrit-Owner: Awight <awi...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
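Review bot: The traversal check added in `__init__` is an `assert`, so it is compiled out when Python runs with `-O` and the protection disappears silently; make it an explicit `if` that raises an exception naming the rejected path. The two sides of the comparison are also normalised differently: `os.path.realpath()` on `self.config_path` but `os.path.abspath()` on `job_directory`. If the configured job directory is itself reached through a symlink, every valid job will fail the check, so resolve both sides with `realpath`. Finally, the check validates the resolved path while `config.JobConfiguration(self.global_config, self.config_path)` still receives the unresolved one; storing the resolved path in `self.config_path` before that call would ensure the file that was checked is the file that gets opened. A test covering a `..` slug and a symlinked job file would be a useful addition to this change.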