if e.errno != errno.ENOENT:
# This is probably permission denied or worse
raise
- os.symlink(link, file_path)
+ os.symlink(
+ link, os.path.realpath(os.path.normpath(os.path.abspath(file_path)))
+ )
else:
folder = os.path.dirname(file_path)
if folder not in valid_paths:
--- /dev/null
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+---
+security:
+ - |
+ Coverity-CWE 22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
+ Coverity fix for 137960 Filesystem path, filename, or URI manipulation
projects / osm / common.git / commitdiff