bugfix, source path needs to be resolved before comparison

pyfarm · Jan 3, 2015 · 16e56d3 · 16e56d3
1 parent bdae499
commit 16e56d3
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/pyfarm/master/api/tasklogs.py b/pyfarm/master/api/tasklogs.py
@@ -162,7 +162,7 @@ def post(self, job_id, task_id, attempt):
             return jsonify(task_id=task_id, job_id=job_id,
                            error="Specified task not found"), NOT_FOUND
 
-        path = join(LOGFILES_DIR, g.json["identifier"])
+        path = realpath(join(LOGFILES_DIR, g.json["identifier"]))
         if not realpath(path).startswith(LOGFILES_DIR):
             return jsonify(error="Identifier is not acceptable"), BAD_REQUEST
         task_log = TaskLog.query.filter_by(
@@ -294,7 +294,7 @@ def get(self, job_id, task_id, attempt, log_identifier):
             return jsonify(task_id=task.id, log=log.identifier,
                            error="Specified log not found in task"), NOT_FOUND
 
-        path = join(LOGFILES_DIR, log_identifier)
+        path = realpath(join(LOGFILES_DIR, log_identifier))
         if not realpath(path).startswith(LOGFILES_DIR):
             return jsonify(error="Identifier is not acceptable"), BAD_REQUEST
 
@@ -354,7 +354,7 @@ def put(self, job_id, task_id, attempt, log_identifier):
             return jsonify(task_id=task_id, log=log.identifier,
                            error="Specified log not found in task"), NOT_FOUND
 
-        path = join(LOGFILES_DIR, log_identifier)
+        path = realpath(join(LOGFILES_DIR, log_identifier))
         if not realpath(path).startswith(LOGFILES_DIR):
             return jsonify(error="Identifier is not acceptable"), BAD_REQUEST