M live_doc/cmdline_args.py => live_doc/cmdline_args.py +5 -2
@@ 17,8 17,11 @@ Follow with port, defaults 4000.""", nargs='?', default='no')
args.add_argument('-root',
help="Directory it will start looking for the files. Defaultly $HOME")
- args.add_argument('-permit',
- help="Directories it permits access to.",
+ args.add_argument('-allow',
+ help="Directories it allows access to.",
+ action='append')
+ args.add_argument('-deny',
+ help="Directories it denies access to. Over-rides `-allow`.",
action='append')
args.add_argument('-output-dir',
M live_doc/http_main.py => live_doc/http_main.py +5 -4
@@ 19,7 19,8 @@ auth = ConAuth.cls_args_read(args)
from live_doc.main import Main
main = Main([os.getenv("HOME") + "/.config/live_doc/", "/etc/live_doc/"],
- args, permit_dirs=args.permit or [])
+ args, allow_dirs=args.allow or [],
+ deny_dirs=args.deny or [".ssh/"])
assets = main.assets
for file in args.save or []:
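Review bot: The `.ssh/` default in `deny_dirs=args.deny or [".ssh/"]` is replaced, not extended, as soon as one `-deny` is given, so an operator who denies some other directory silently loses the `.ssh/` protection. If the default is meant as a baseline, combine the two, e.g. `deny_dirs=(args.deny or []) + [".ssh/"]`. The `-deny` help text in cmdline_args.py does not mention the default and should state it. The entry is also a relative prefix, so it presumably covers only a `.ssh/` directly under the served root; a comment saying so would help.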
@@ 81,13 82,13 @@ class RH(hs.BaseHTTPRequestHandler):
if not file:
self.send_response(403)
self.end_headers()
- self.write("Not in permitted directory")
+ self.write("Not in allowed directory")
return
- # Root directory permitted for module directory.
+ # Root directory allowed for module directory.
if ('/' + file).startswith(main.module_dir):
file = '/' + file
- if file.find("..")!=-1: # Dont permit escaping.
+ if file.find("..")!=-1: # Dont allow escaping.
print("DENIED", main.output_dir, file, main.file_ok)
self.send_response(403)
self.end_headers()
M live_doc/main.py => live_doc/main.py +11 -7
@@ 143,7 143,8 @@ colorer=highlighters.aha:highlighters.plain
""") # NOTE: wrap is used straight-up right now.
# TODO deny list?
- def __init__(self, cfg_dirs, args, file_ok=None, permit_dirs=None):
+ def __init__(self, cfg_dirs, args, file_ok=None,
+ allow_dirs=None, deny_dirs=None):
import live_doc.module_dict as module_dict
self.module_dir = '/'.join(module_dict.__file__.split('/')[:-2])
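Review bot: The `# TODO deny list?` comment directly above the constructor is now stale, since `deny_dirs` is exactly that list, and should be removed or reworded. The new parameters are undocumented; a short comment such as `# allow_dirs / deny_dirs: path prefixes matched with startswith; deny wins over allow` would record the precedence that is otherwise only visible in `allowed_file`. The constructor body continues outside this hunk.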
@@ 174,19 175,22 @@ colorer=highlighters.aha:highlighters.plain
self.file_ok = set() if file_ok is None else file_ok
self.notify_file = self.file_ok.add
- self.permit_dirs = permit_dirs if len(permit_dirs)>0 else ['']
+ self.allow_dirs = allow_dirs if len(allow_dirs)>0 else ['']
+ self.deny_dirs = deny_dirs if len(deny_dirs)>0 else ['']
- def permitted_file(self, filename):
- return any(map(filename.startswith, self.permit_dirs))
+ def allowed_file(self, filename):
+ if not any(map(filename.startswith, self.deny_dirs)):
+ return any(map(filename.startswith, self.allow_dirs))
+
def mangle_filename(self, filename):
if filename.startswith(":live_doc:"):
return self.module_dir + filename[10:]
elif not filename.startswith('/') and filename.find("..") == -1:
- # Must be in one of the permitted directories. (defaultly all)
- if self.permitted_file(filename)
+ # Must be in one of the allowed directories. (defaultly all)
+ if self.allowed_file(filename):
return filename
- # else Otherwise not permitted.
+ # else Otherwise not allowed.
cls = MainFileHandler
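Review bot: The `['']` fallback copied onto `self.deny_dirs` turns an empty deny list into deny-everything, because `filename.startswith('')` is always true and `allowed_file` then never reaches the allow check; the deny fallback should be an empty list. Both `len(...)` calls also raise TypeError when the constructor's `None` defaults are used, and `allowed_file` returns `None` rather than `False` on the deny path. Separately, both lists are compared with `startswith` against the path string as received, so a deny entry holds only for requests spelled exactly like the prefix; normalising the path first (for example with `os.path.normpath`, assuming `os` is available in main.py) would make the check independent of spelling. The `__init__` body starts outside this hunk.

```python
        # … unchanged: file_ok / notify_file setup …
        self.allow_dirs = allow_dirs or ['']   # no allow list: allow everything
        self.deny_dirs = deny_dirs or []       # no deny list: deny nothing

    def allowed_file(self, filename):
        if any(map(filename.startswith, self.deny_dirs)):
            return False
        return any(map(filename.startswith, self.allow_dirs))
    # … unchanged: mangle_filename …
```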