Mercurial Hosting > luan
comparison src/luan/host/WebHandler.java @ 1174:bdf27aa2a65c
fix luanhost security bug
| author | Franklin Schmidt <fschmidt@gmail.com> |
|---|---|
| date | Sun, 11 Feb 2018 17:13:40 -0700 |
| parents | d30d400fd43d |
| children |
comparison
equal
deleted
inserted
replaced
| 1173:bdbd1d12c1f2 | 1174:bdf27aa2a65c |
|---|---|
| 197 public static Server server() { | 197 public static Server server() { |
| 198 return server; | 198 return server; |
| 199 } | 199 } |
| 200 | 200 |
| 201 private static final IoLuan.Security ioSecurity(String dir) { | 201 private static final IoLuan.Security ioSecurity(String dir) { |
| 202 final String siteDir = dir + "/site/"; | 202 final String siteUri = "file:" + dir + "/site"; |
| 203 return new IoLuan.Security() { | 203 return new IoLuan.Security() { |
| 204 public void check(LuanState luan,String name) throws LuanException { | 204 public void check(LuanState luan,String name) throws LuanException { |
| 205 if( name.startsWith("file:") ) { | 205 if( name.startsWith("file:") ) { |
| 206 if( name.contains("..") ) | 206 if( name.contains("..") ) |
| 207 throw new LuanException("Security violation - '"+name+"' contains '..'"); | 207 throw new LuanException("Security violation - '"+name+"' contains '..'"); |
| 208 if( !name.startsWith("file:"+siteDir) ) | 208 if( !(name.equals(siteUri) || name.startsWith(siteUri+"/")) ) |
| 209 throw new LuanException("Security violation - '"+name+"' outside of site dir"); | 209 throw new LuanException("Security violation - '"+name+"' outside of site dir"); |
| 210 } | 210 } |
| 211 else if( name.startsWith("classpath:luan/host/") ) { | 211 else if( name.startsWith("classpath:luan/host/") ) { |
| 212 throw new LuanException("Security violation"); | 212 throw new LuanException("Security violation"); |
| 213 } | 213 } |