Fix traversals for intended results #2728

Merged
merged 3 commits into from Jul 9, 2023
2 changes: 2 additions & 0 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -4,10 +4,12 @@ on:
push:
branches:
- main
- current-release
- "*LTS"
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]
schedule:
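Review bot: The branch-list additions under `push` and `pull_request` here are unrelated to the traversal fix named in the PR title, and the same list is repeated in every other workflow file this PR touches. State in the description why the CI triggers need to change alongside the fix, or move the workflow edits into their own commit so the `static()` change can be reviewed and backported independently.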
2 changes: 2 additions & 0 deletions .github/workflows/coverage.yml
Expand Up @@ -3,12 +3,14 @@ on:
push:
branches:
- main
- current-release
- "*LTS"
tags:
- "!*" # Do not execute on tags
pull_request:
branches:
- main
- current-release
- "*LTS"
jobs:
test:
1 change: 1 addition & 0 deletions .github/workflows/pr-bandit.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-docs.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-linter.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-python310.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-python311.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-python37.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-python38.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-python39.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-type-check.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

1 change: 1 addition & 0 deletions .github/workflows/pr-windows.yml
Expand Up @@ -3,6 +3,7 @@ on:
pull_request:
branches:
- main
- current-release
- "*LTS"
types: [opened, synchronize, reopened, ready_for_review]

2 changes: 1 addition & 1 deletion sanic/__version__.py
@@ -1 +1 @@
__version__ = "23.3.0"
__version__ = "23.3.1"
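Review bot: The bump to 23.3.1 arrives with no changelog or release-note entry in this change set. Add one that mentions the `static()` path handling change, so users on 23.3.0 can tell what the patch release alters and whether they need to upgrade.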
2 changes: 1 addition & 1 deletion sanic/mixins/static.py
Expand Up @@ -95,7 +95,7 @@ def static(
)

try:
file_or_directory = Path(file_or_directory)
file_or_directory = Path(file_or_directory).resolve()
except TypeError:
raise TypeError(
"Static file or directory must be a path-like object or string"
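Review bot: `.resolve()` now sits inside a `try` that only handles `TypeError`, so an error raised during resolution (a symlink loop, for instance) escapes without the message below and is easy to misread as a constructor failure. Keep `Path(file_or_directory)` alone in the `try` and call `.resolve()` after it. Also add a short comment saying why the registered path must be absolute and normalised at this point, because `resolve()` follows symlinks and pins a relative path to the working directory at registration time, neither of which is obvious from this line.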
25 changes: 25 additions & 0 deletions tests/test_static.py
Expand Up @@ -101,6 +101,31 @@ def test_static_file_pathlib(app, static_file_directory, file_name):
assert response.body == get_file_content(static_file_directory, file_name)


@pytest.mark.parametrize(
"file_name",
[
"test.file",
"decode me.txt",
"python.png",
"symlink",
"hard_link",
],
)
def test_static_file_pathlib_relative_path_traversal(
app, static_file_directory, file_name
):
"""Get the current working directory and check if it ends with "sanic" """
cwd = Path.cwd()
if not str(cwd).endswith("sanic"):
pytest.skip("Current working directory does not end with 'sanic'")

file_path = "./tests/static/../static/"
app.static("/", file_path)
_, response = app.test_client.get(f"/{file_name}")
assert response.status == 200
assert response.body == get_file_content(static_file_directory, file_name)


@pytest.mark.parametrize(
"file_name",
[b"test.file", b"decode me.txt", b"python.png"],
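Review bot: The `pytest.skip` guarded by `str(cwd).endswith("sanic")` means this regression test silently does not run when the checkout directory has another name or pytest is started from elsewhere, and the docstring describes that guard rather than the behaviour under test. Derive the relative path from the `static_file_directory` fixture (for example with `os.path.relpath`, or `monkeypatch.chdir` into a known directory) so the test always executes. Only the 200 case is asserted here; add a case checking that a request which would resolve outside the registered directory is not served.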