diff options
| author | Ted Kremenek <kremenek@apple.com> | 2012-10-12 19:16:31 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2012-10-12 19:16:31 +0000 |
| commit | 3073c58cab08369d1d29698882eec12d59259592 (patch) | |
| tree | 9aff3357efbd99ff55fc98bcf0d1614ed1284e28 /clang/tools/scan-view/ScanView.py | |
| parent | 77c6c85e84a62b53a752f2d474668411cacd3bc6 (diff) | |
| download | bcm5719-llvm-3073c58cab08369d1d29698882eec12d59259592.tar.gz bcm5719-llvm-3073c58cab08369d1d29698882eec12d59259592.zip | |
Have scan-view guard against serving up pages outside the root directory.
llvm-svn: 165815
Diffstat (limited to 'clang/tools/scan-view/ScanView.py')
| -rw-r--r-- | clang/tools/scan-view/ScanView.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/clang/tools/scan-view/ScanView.py b/clang/tools/scan-view/ScanView.py index c6dddba6a76..3e03f1a6a34 100644 --- a/clang/tools/scan-view/ScanView.py +++ b/clang/tools/scan-view/ScanView.py @@ -707,6 +707,11 @@ File Bug</h3> return None def send_path(self, path): + # If the requested path is outside the root directory, do not open it + rel = os.path.relpath(path, self.server.root) + if rel.startswith(os.pardir + os.sep): + return self.send_404() + ctype = self.guess_type(path) if ctype.startswith('text/'): # Patch file instead |
