Resolve path traversal in .dockerignore patterns

Signed-off-by: Aanand Prasad <aanand.prasad@gmail.com>
Aanand Prasad 2016-05-16 15:45:35 +01:00
parent 8b416796d5
commit 5ebf4b8ec7
2 changed files with 11 additions and 0 deletions


@ -199,6 +199,9 @@ def get_paths(root, exclude_patterns, include_patterns, has_exceptions=False):
def match_path(path, pattern):
pattern = pattern.rstrip('/')
if pattern:
pattern = os.path.relpath(pattern)
pattern_components = pattern.split('/')
path_components = path.split('/')[:len(pattern_components)]
return fnmatch('/'.join(path_components), pattern)
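Review bot: `os.path.relpath(pattern)` in match_path normalises with the host's path rules and relative to the process's working directory, while the rest of the function treats the pattern as a plain '/'-separated string. On Windows the result is backslash-separated, so the following `pattern.split('/')` yields a single component and a pattern such as `foo/a.py` would stop matching, letting files the user meant to exclude (credentials, keys) into the build context. A pure string normalisation avoids both the separator and the working-directory dependence: `pattern = posixpath.normpath(pattern)`, with `import posixpath` added at the top of the file. The `if pattern:` guard should stay, because `normpath('')` returns `'.'`. A one-line comment such as `# collapse './' and 'x/../' so the pattern compares against normalised relative paths` would explain why the step is there.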


@ -802,6 +802,9 @@ class ExcludePathsTest(base.BaseTestCase):
def test_single_filename(self):
assert self.exclude(['a.py']) == self.all_paths - set(['a.py'])
def test_single_filename_leading_dot_slash(self):
assert self.exclude(['./a.py']) == self.all_paths - set(['a.py'])
# As odd as it sounds, a filename pattern with a trailing slash on the
# end *will* result in that file being excluded.
def test_single_filename_trailing_slash(self):
@ -831,6 +834,11 @@ class ExcludePathsTest(base.BaseTestCase):
def test_single_subdir_single_filename(self):
assert self.exclude(['foo/a.py']) == self.all_paths - set(['foo/a.py'])
def test_single_subdir_with_path_traversal(self):
assert self.exclude(['foo/whoops/../a.py']) == self.all_paths - set([
'foo/a.py',
])
def test_single_subdir_wildcard_filename(self):
assert self.exclude(['foo/*.py']) == self.all_paths - set([
'foo/a.py', 'foo/b.py',
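Review bot: Both new tests use patterns that stay inside the context root once normalised (`./a.py`, `foo/whoops/../a.py`); nothing pins what happens for a pattern that climbs above the root, such as `../a.py`. A case along the lines of `assert self.exclude(['../a.py']) == self.all_paths` would document that such a pattern excludes nothing, assuming that is the intended behaviour. It would also catch a later normalisation change that silently maps the pattern onto `a.py`. The ExcludePathsTest class starts and ends outside these hunks.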