symlinks are ok in traversal_safe_path

rmorshea · rmorshea · commit 1e6f33ebde83 · 2022-04-05T20:36:16.000-07:00
diff --git a/src/idom/server/utils.py b/src/idom/server/utils.py
@@ -73,11 +73,13 @@ def safe_web_modules_dir_path(path: str) -> Path:
 
 def traversal_safe_path(root: str | Path, *unsafe: str | Path) -> Path:
     """Raise a ``ValueError`` if the ``unsafe`` path resolves outside the root dir."""
-    root = Path(root).resolve()
-    # resolve relative paths and symlinks
-    path = root.joinpath(*unsafe).resolve()
+    root = os.path.abspath(root)
 
-    if os.path.commonprefix([root, path]) != str(root):
+    # Resolve relative paths but not symlinks - symlinks should be ok since their
+    # presence and where they point is under the control of the developer.
+    path = os.path.abspath(os.path.join(root, *unsafe))
+
+    if os.path.commonprefix([root, path]) != root:
         # If the common prefix is not root directory we resolved outside the root dir
         raise ValueError("Unsafe path")
 
diff --git a/tests/test_server/test_utils.py b/tests/test_server/test_utils.py
@@ -64,10 +64,3 @@ def run_in_thread():
 def test_catch_unsafe_relative_path_traversal(tmp_path, bad_path):
     with pytest.raises(ValueError, match="Unsafe path"):
         traversal_safe_path(tmp_path, *bad_path.split("/"))
-
-
-def test_catch_unsafe_symlink_path_traversal(tmp_path):
-    symlink: Path = tmp_path / "file.txt"
-    symlink.symlink_to(tmp_path.parent / "escaped-file.txt")
-    with pytest.raises(ValueError, match="Unsafe path"):
-        traversal_safe_path(tmp_path, "file.txt")
