jeans/core
jeans/core
1
0
Fork 0
mirror of https://github.com/home-assistant/core.git synced 2025-07-26 22:57:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove follow symlinks support from CachingStaticResource (#109015)

Browse Source
This commit is contained in:
J. Nick Koston 2024-01-28 10:07:12 -10:00 committed by GitHub
parent b28e8a3cf0
commit b54e282801
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
homeassistant/components/http/static.py
View File

@ -19,10 +19,10 @@ from .const import KEY_HASS
CACHE_TIME: Final = 31 * 86400 # = 1 month CACHE_TIME: Final = 31 * 86400 # = 1 month
CACHE_HEADER = f"public, max-age={CACHE_TIME}" CACHE_HEADER = f"public, max-age={CACHE_TIME}"
CACHE_HEADERS: Mapping[str, str] = {hdrs.CACHE_CONTROL: CACHE_HEADER} CACHE_HEADERS: Mapping[str, str] = {hdrs.CACHE_CONTROL: CACHE_HEADER}
PATH_CACHE: LRU[tuple[str, Path, bool], tuple[Path | None, str | None]] = LRU(512) PATH_CACHE: LRU[tuple[str, Path], tuple[Path | None, str | None]] = LRU(512)
def _get_file_path(rel_url: str, directory: Path, follow_symlinks: bool) -> Path | None: def _get_file_path(rel_url: str, directory: Path) -> Path | None:
"""Return the path to file on disk or None.""" """Return the path to file on disk or None."""
filename = Path(rel_url) filename = Path(rel_url)
if filename.anchor: if filename.anchor:
@ -31,7 +31,6 @@ def _get_file_path(rel_url: str, directory: Path, follow_symlinks: bool) -> Path
# where the static dir is totally different # where the static dir is totally different
raise HTTPForbidden raise HTTPForbidden
filepath: Path = directory.joinpath(filename).resolve() filepath: Path = directory.joinpath(filename).resolve()
if not follow_symlinks:
filepath.relative_to(directory) filepath.relative_to(directory)
# on opening a dir, load its contents if allowed # on opening a dir, load its contents if allowed
if filepath.is_dir(): if filepath.is_dir():
@ -47,7 +46,7 @@ class CachingStaticResource(StaticResource):
async def _handle(self, request: Request) -> StreamResponse: async def _handle(self, request: Request) -> StreamResponse:
"""Return requested file from disk as a FileResponse.""" """Return requested file from disk as a FileResponse."""
rel_url = request.match_info["filename"] rel_url = request.match_info["filename"]
key = (rel_url, self._directory, self._follow_symlinks) key = (rel_url, self._directory)
if (filepath_content_type := PATH_CACHE.get(key)) is None: if (filepath_content_type := PATH_CACHE.get(key)) is None:
hass: HomeAssistant = request.app[KEY_HASS] hass: HomeAssistant = request.app[KEY_HASS]
try: try:

2
tests/components/http/test_static.py
View File

@ -58,4 +58,4 @@ async def test_static_path_blocks_anchors(
# it gets here but we want to make sure if aiohttp ever # it gets here but we want to make sure if aiohttp ever
# changes we still block it. # changes we still block it.
with pytest.raises(HTTPForbidden): with pytest.raises(HTTPForbidden):
_get_file_path(canonical_url, tmp_path, False) _get_file_path(canonical_url, tmp_path)