From: Ted Kremenek <kremenek@apple.com>
Date: Fri, 12 Oct 2012 19:16:31 +0000 (+0000)
Subject: Have scan-view guard against serving up pages outside the root directory.
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3073c58cab08369d1d29698882eec12d59259592;p=platform%2Fupstream%2Fllvm.git

Have scan-view guard against serving up pages outside the root directory.

llvm-svn: 165815
---

diff --git a/clang/tools/scan-view/ScanView.py b/clang/tools/scan-view/ScanView.py
index c6dddba..3e03f1a 100644
--- a/clang/tools/scan-view/ScanView.py
+++ b/clang/tools/scan-view/ScanView.py
@@ -707,6 +707,11 @@ File Bug</h3>
         return None
 
     def send_path(self, path):
+        # If the requested path is outside the root directory, do not open it
+        rel = os.path.relpath(path, self.server.root)
+        if rel.startswith(os.pardir + os.sep):
+          return self.send_404()
+        
         ctype = self.guess_type(path)
         if ctype.startswith('text/'):
             # Patch file instead