[F] Prevent path traversal attack

This commit is contained in:
Hykilpikonna
2021-11-25 15:51:16 -05:00
parent d738e9310e
commit a90f53f052
2 changed files with 12 additions and 1 deletions
+9
View File
@@ -79,6 +79,11 @@ def serve_report() -> None:
:param path: Path of the resource
:return: File resource or 404
"""
# Prevent path traversal attacks
if '..' in path:
return Response('Nope.')
# Send file
path = os.path.join(REPORT_DIR, path)
return send_from_directory(Path(path).absolute().parent, Path(path).name)
@@ -90,6 +95,10 @@ def serve_report() -> None:
:param path: Path of the resource
:return: File resource or 404
"""
# Prevent path traversal attacks
if '..' in path:
return Response('Nope.')
path = os.path.join(src_dir, 'resources', path)
return send_from_directory(Path(path).absolute().parent, Path(path).name)
+3 -1
View File
@@ -54,7 +54,7 @@ There are three divisions in this equation, so there are three possible places w
@include `/pop/ignored.md`
Graphing the results, we find that the *TODO*
Graphing the results, we find that the ***TODO***
<div class="image-row">
<div><img src="/pop/500-pop-hist.png" alt="hist"></div>
@@ -69,6 +69,8 @@ Graphing the results, we find that the *TODO*
After we answered how frequently people posted about COVID-19 and how interested are people to view these posts, we analyze our data over the posting dates to answer the second part of our research question: **How does posting frequency and people's interests in COVID-19 posts changes from the beginning of the pandemic to now?**
**_TODO_**
## References
<a id="ref1"></a>