Merge pull request #96 from make-me/reject-local-files

Reject local files

server/app.rb

@@ -76,6 +76,12 @@ def progress
       slicer_args = (args[:slicer_args] || {})
       quality     = (args[:quality]  || 'medium')
 
+      # ensure no URLs point ot the local file system
+      stl_urls.each do |url|
+        uri = URI.parse(url)
+        halt 406, "Need a remote file" if uri.scheme == 'file'
+      end
+
       normalizer_args = {}
       normalizer_args[:count] = count if count
       normalizer_args[:scale] = scale if scale

spec/app_spec.rb

@@ -45,6 +45,11 @@
                            and_return(normalizer)
         post '/print', Yajl::Encoder.encode({:url => urls, :scale => scale, :count => count})
       end
+
+      it 'rejects local files' do
+        post '/print', Yajl::Encoder.encode({:url => ['file:///etc/passwd']})
+        expect(last_response.status).to eq(406)
+      end
     end
   end
 end