Have scan-view guard against serving up pages outside the root directory.

author Ted Kremenek <kremenek@apple.com>

Fri, 12 Oct 2012 19:16:31 +0000 (19:16 +0000)

committer Ted Kremenek <kremenek@apple.com>

Fri, 12 Oct 2012 19:16:31 +0000 (19:16 +0000)
author Ted Kremenek <kremenek@apple.com>
Fri, 12 Oct 2012 19:16:31 +0000 (19:16 +0000)
committer Ted Kremenek <kremenek@apple.com>
Fri, 12 Oct 2012 19:16:31 +0000 (19:16 +0000)
diff --git a/clang/tools/scan-view/ScanView.py b/clang/tools/scan-view/ScanView.py

index c6dddba..3e03f1a 100644 (file)
--- a/clang/tools/scan-view/ScanView.py
+++ b/clang/tools/scan-view/ScanView.py
@@ -707,6 +707,11 @@ File Bug</h3>
          return None
  
      def send_path(self, path):
+        # If the requested path is outside the root directory, do not open it
+        rel = os.path.relpath(path, self.server.root)
+        if rel.startswith(os.pardir + os.sep):
+          return self.send_404()
+        
          ctype = self.guess_type(path)
          if ctype.startswith('text/'):
              # Patch file instead
author	Ted Kremenek <kremenek@apple.com>
	Fri, 12 Oct 2012 19:16:31 +0000 (19:16 +0000)
committer	Ted Kremenek <kremenek@apple.com>
	Fri, 12 Oct 2012 19:16:31 +0000 (19:16 +0000)