~jasper/live_doc

f74783722b4d6dc0b2893f5fcff013784b6537e2 — Jasper den Ouden 2 years ago 6f09426 main
Add deny -list. Rename permit to allow(list)
3 files changed, 21 insertions(+), 13 deletions(-)

M live_doc/cmdline_args.py
M live_doc/http_main.py
M live_doc/main.py
M live_doc/cmdline_args.py => live_doc/cmdline_args.py +5 -2
@@ 17,8 17,11 @@ Follow with port, defaults 4000.""", nargs='?', default='no')
    args.add_argument('-root',
        help="Directory it will start looking for the files. Defaultly $HOME")

    args.add_argument('-permit',
        help="Directories it permits access to.",
    args.add_argument('-allow',
        help="Directories it allows access to.",
        action='append')
    args.add_argument('-deny',
        help="Directories it denies access to. Over-rides `-allow`.",
        action='append')

    args.add_argument('-output-dir',
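Review bot: The help string for `-deny` does not say how entries are matched or what applies when the flag is omitted. Judging from the other files in this commit, entries are compared with `str.startswith` against the requested path, and http_main.py falls back to `.ssh/` only when no `-deny` is given. The help could state both, for example "Path prefixes it denies access to. Over-rides -allow. Defaults to .ssh/ when not given." The rename also removes `-permit` without an alias, so existing invocations that pass it will most likely be rejected by argparse; that is worth a line in the release notes. The enclosing function starts and ends outside this hunk.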

M live_doc/http_main.py => live_doc/http_main.py +5 -4
@@ 19,7 19,8 @@ auth = ConAuth.cls_args_read(args)
from live_doc.main import Main

main = Main([os.getenv("HOME") + "/.config/live_doc/", "/etc/live_doc/"],
            args, permit_dirs=args.permit or [])
            args, allow_dirs=args.allow or [],
                  deny_dirs=args.deny or [".ssh/"])
assets = main.assets

for file in args.save or []:


@@ 81,13 82,13 @@ class RH(hs.BaseHTTPRequestHandler):
        if not file:
            self.send_response(403)
            self.end_headers()
            self.write("Not in permitted directory")
            self.write("Not in allowed directory")
            return
        # Root directory permitted for module directory.
        # Root directory allowed for module directory.
        if ('/' + file).startswith(main.module_dir):
            file = '/' + file

        if file.find("..")!=-1:  # Dont permit escaping.
        if file.find("..")!=-1:  # Dont allow escaping.
            print("DENIED", main.output_dir, file, main.file_ok)
            self.send_response(403)
            self.end_headers()
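Review bot: In the first hunk, `deny_dirs=args.deny or [".ssh/"]` drops the built-in `.ssh/` entry as soon as the user passes any `-deny` value, so a run with `-deny notes/` no longer denies `.ssh/`. If `.ssh/` is meant as a baseline that is always refused, extend the list instead of replacing it: `deny_dirs=[".ssh/"] + (args.deny or [])`. If it is only a fallback, say so in a comment here, for example `# .ssh/ is denied only when no -deny is given`, because the `-deny` help text does not mention it.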

M live_doc/main.py => live_doc/main.py +11 -7
@@ 143,7 143,8 @@ colorer=highlighters.aha:highlighters.plain
""")  # NOTE: wrap is used straight-up right now.

    # TODO deny list?
    def __init__(self, cfg_dirs, args, file_ok=None, permit_dirs=None):
    def __init__(self, cfg_dirs, args, file_ok=None,
                 allow_dirs=None, deny_dirs=None):
        import live_doc.module_dict as module_dict
        self.module_dir = '/'.join(module_dict.__file__.split('/')[:-2])



@@ 174,19 175,22 @@ colorer=highlighters.aha:highlighters.plain
        self.file_ok = set() if file_ok is None else file_ok
        self.notify_file = self.file_ok.add

        self.permit_dirs = permit_dirs if len(permit_dirs)>0 else ['']
        self.allow_dirs = allow_dirs if len(allow_dirs)>0 else ['']
        self.deny_dirs = deny_dirs if len(deny_dirs)>0 else ['']

    def permitted_file(self, filename):
        return any(map(filename.startswith, self.permit_dirs))
    def allowed_file(self, filename):
        if not any(map(filename.startswith, self.deny_dirs)):
            return any(map(filename.startswith, self.allow_dirs))
                

    def mangle_filename(self, filename):
        if filename.startswith(":live_doc:"):
            return self.module_dir + filename[10:]
        elif not filename.startswith('/') and filename.find("..") == -1:
            # Must be in one of the permitted directories. (defaultly all)
            if self.permitted_file(filename)
            # Must be in one of the allowed directories. (defaultly all)
            if self.allowed_file(filename):
                return filename
        # else  Otherwise not permitted.
        # else  Otherwise not allowed.

    cls = MainFileHandler
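Review bot: The fallback in `self.deny_dirs = deny_dirs if len(deny_dirs)>0 else ['']` turns an empty deny list into `['']`, and because every string starts with `''`, `allowed_file` then refuses every filename. With the signature default `deny_dirs=None` the `len()` call raises `TypeError` instead, and the same holds for `allow_dirs`. An empty deny list should stay empty: `self.deny_dirs = deny_dirs or []` and `self.allow_dirs = allow_dirs or ['']`. `allowed_file` also falls off the end and returns `None` for a denied path, so an explicit `return False` would make the contract clear. Both checks are plain prefix tests on the raw filename, so normalising the path first (for example with `os.path.normpath`) would make equivalent spellings of a directory match the same entry; the class body starts and continues outside these hunks.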