schenkd / nginx-ui

Nginx UI allows you to access and modify the nginx configurations files without cli.
MIT License

Implemented possible solution for path traversal #28

Open chris18191 opened 4 years ago

erikgeiser commented 4 years ago

It seems like you addressed the path traversal issue only in a single endpoint. Looking through endpoints.py, it seems that most API endpoints work rather similarly and possibly share the same issue.

chris18191 commented 4 years ago

I added a new function to generate valid paths or return None if the path is not valid, e.g. it is not a subdirectory of the given folder. Errors can now also be visualized easily by calling rendeError, which makes use of Semantic's error message.
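The check described in this comment, and the concern raised above that every endpoint taking a path parameter needs the same guard, can be expressed as one reusable helper. The following is an added illustration written for this thread, not code from the nginx-ui project; the base directory `/srv/nginx-conf` and the sample request paths are constructed values.

```python
import os
from typing import Optional

def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Return the resolved path of user_path under base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)
    # Treat the user path as relative: a leading slash must not let
    # os.path.join discard base_dir entirely.
    relative = user_path.lstrip("/\\")
    # realpath collapses ".." segments and follows symlinks, so the
    # containment check below sees the directory that would really be opened.
    candidate = os.path.realpath(os.path.join(base, relative))
    # Accept the base itself or anything strictly below it; comparing with
    # the separator appended prevents "/srv/conf" from matching "/srv/conf-other".
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None

# Constructed request samples (hypothetical, not taken from the project):
# the kind of values a path parameter might carry.
SAMPLE_REQUESTS = [
    "nginx.conf",
    "sites-enabled/../nginx.conf",
    "../../etc/passwd",
    "/etc/passwd",
]

def classify(base_dir: str, requests=SAMPLE_REQUESTS) -> dict:
    """Map each sample path to its resolved location, or None when rejected."""
    return {r: safe_join(base_dir, r) for r in requests}

if __name__ == "__main__":
    for req, resolved in classify("/srv/nginx-conf").items():
        print(f"{req!r:32} -> {'rejected' if resolved is None else resolved}")
```

An endpoint would call `safe_join` once on its path argument and return the error view whenever the result is None, so the containment rule lives in one place instead of being repeated per route.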

schenkd commented 4 years ago

> I added a new function to generate valid paths or return None if the path is not valid, e.g. it is not a subdirectory of the given folder. Errors can now also be visualized easily by calling rendeError, which makes use of Semantic's error message.

@chris18191 First of all, thank you very much for your efforts. I see you're using lower camel-case everywhere. I did not want to mention every method in the review. Could you adapt it to the Python convention? Unfortunately, I will not be able to do an extensive review before the weekend.