← Back to branch summary

~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/transport/http/wsgi.py

Use ChrootTransportDecorator so that the WSGI server won't let you access the entire filesystem.

Show diffs side-by-side

added added

removed removed

Lines of Context:
bzrlib/transport/http/wsgi.py
22
22
 
23
23
from cStringIO import StringIO
24
24
 
25
 
from bzrlib.transport import get_transport, smart
 
25
from bzrlib.transport import chroot, get_transport, smart
26
26
from bzrlib.urlutils import local_path_to_url
27
27
    
28
28
 
86
86
        :param backing_transport: a transport.  Requests will be processed
87
87
            relative to this transport.
88
88
        """
89
 
        self.backing_transport = backing_transport
 
89
        # Use a ChrootTransportDecorator so that this web application won't
 
90
        # accidentally let people access locations they shouldn't.
 
91
        # e.g. consider a smart server request for "get /etc/passwd" or
 
92
        # something.
 
93
        self.backing_transport = chroot.ChrootTransportDecorator(
 
94
            'chroot+' + backing_transport.base, _decorated=backing_transport)
90
95
 
91
96
    def __call__(self, environ, start_response):
92
97
        """WSGI application callable."""
96
101
 
97
102
        relpath = environ['bzrlib.relpath']
98
103
        transport = self.backing_transport.clone(relpath)
99
 
        #assert transport.base.startswith(self.backing_transport.base)
100
104
        out_buffer = StringIO()
101
105
        smart_protocol_request = self.make_request(transport, out_buffer.write)
102
106
        request_data_length = int(environ['CONTENT_LENGTH'])