Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- file_name = request.path_params["file"]
- file = open(file_name, "rb")
- mime_type = mimetypes.guess_type(file_name)[0]
- start_response(status.OK, [('Content-Type', mime_type)])
- return file
- file_name = request.path_params["file"]
- absolute_path = os.path.join(self.base_directory, file_name)
- normalized_path = os.path.normpath(absolute_path)
- # security check to prevent directory traversal
- if not normalized_path.startswith(self.base_directory):
- raise IOError()
- file = open(normalized_path, "rb")
- mime_type = mimetypes.guess_type(normalized_path)[0]
- start_response(status.OK, [('Content-Type', mime_type)])
- return file
- >>> import os.path
- >>> os.curdir
- '.'
- >>> startdir = os.path.abspath(os.curdir)
- >>> startdir
- '/home/jterrace'
- >>> filename = "/etc/passwd"
- >>> requested_path = os.path.relpath(filename, startdir)
- >>> requested_path
- '../../etc/passwd'
- >>> requested_path = os.path.abspath(requested_path)
- >>> requested_path
- '/etc/passwd'
- >>> os.path.commonprefix([requested_path, startdir])
- '/'
- file_name = request.path_params["file"]
- file_name = os.path.basename(file_name)
- file = open(os.path.join("/path", file_name), "rb")
- >>> os.path.basename('../../filename')
- 'filename'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement