(name, allow_relative_path=False)
| 5 | |
| 6 | |
def validate_file_name(name, allow_relative_path=False):
    """
    Check that ``name`` is acceptable as a file name and return it unchanged.

    With ``allow_relative_path=False`` (the default) the name must be a bare
    file name with no directory components. With ``allow_relative_path=True``
    a relative path is accepted as long as it is not absolute and has no
    ``..`` component once backslashes are read as forward slashes.

    Raise SuspiciousFileOperation when a check fails.

    The checks are purely lexical: nothing here touches the filesystem,
    resolves symlinks, or compares the result against a base directory, so
    callers that join the returned name onto a storage root still need their
    own containment check.
    """
    # os.path.basename follows the host platform's separator rules, so the
    # treatment of backslashes in the two basename-based checks differs
    # between POSIX and Windows.
    base_name = os.path.basename(name)

    # Names that reduce to nothing, or to the current/parent directory,
    # cannot be used as a file name.
    if base_name in {"", ".", ".."}:
        raise SuspiciousFileOperation("Could not derive file name from '%s'" % name)

    if not allow_relative_path:
        # Strict mode: any directory component at all is rejected.
        if name != base_name:
            raise SuspiciousFileOperation(
                "File name '%s' includes path elements" % name
            )
        return name

    # Relaxed mode: normalise to Unix style (forward slashes) so the name can
    # be inspected as a pure posix path on every platform.
    # NOTE(review): PurePosixPath does not treat a drive-qualified name as
    # absolute; confirm the storage layer covers that case on Windows.
    posix_path = pathlib.PurePosixPath(str(name).replace("\\", "/"))
    if posix_path.is_absolute() or ".." in posix_path.parts:
        raise SuspiciousFileOperation("Detected path traversal attempt in '%s'" % name)

    return name
| 24 | |
| 25 | |
| 26 | class FileProxyMixin: |