Have scan-view guard against serving up pages outside the root directory. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165815 91177308-0d34-0410-b5e6-96231b3b80d8

commit: 44cbe67dc0e0a35c5369689710a25603ba67356f [log] [tgz]
author: Ted Kremenek <kremenek@apple.com> Fri Oct 12 19:16:31 2012 +0000
committer: Ted Kremenek <kremenek@apple.com> Fri Oct 12 19:16:31 2012 +0000
tree: 2725b7683a870fdf9b4b89d3e9012a0dfd708af3
parent: 47fcbba7c8f621535ed7fa632327264c1c0b84f0 [diff] [blame]
diff --git a/tools/scan-view/ScanView.py b/tools/scan-view/ScanView.py
index c6dddba..3e03f1a 100644
--- a/tools/scan-view/ScanView.py
+++ b/tools/scan-view/ScanView.py

@@ -707,6 +707,11 @@
         return None
 
     def send_path(self, path):
+        # If the requested path is outside the root directory, do not open it
+        rel = os.path.relpath(path, self.server.root)
+        if rel.startswith(os.pardir + os.sep):
+          return self.send_404()
+        
         ctype = self.guess_type(path)
         if ctype.startswith('text/'):
             # Patch file instead
commit	44cbe67dc0e0a35c5369689710a25603ba67356f	[log] [tgz]
author	Ted Kremenek <kremenek@apple.com>	Fri Oct 12 19:16:31 2012 +0000
committer	Ted Kremenek <kremenek@apple.com>	Fri Oct 12 19:16:31 2012 +0000
tree	2725b7683a870fdf9b4b89d3e9012a0dfd708af3
parent	47fcbba7c8f621535ed7fa632327264c1c0b84f0 [diff] [blame]