Skip to content

Commit

Permalink
Ref #27 corrected removing temp files in web
Browse files Browse the repository at this point in the history 
Signed-off-by: Krzysztof Kaźmierczyk <[email protected]>
  • Loading branch information
@kkazmierczyk
kkazmierczyk committed Dec 4, 2024
1 parent f7b25f7 commit 1dbeecb
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/javacore_analyser/javacore_analyser_web.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ def upload_file():
javacores_temp_dir_name = os.path.normpath(os.path.join(reports_dir, TEMP_DIR, report_name))
if not javacores_temp_dir_name.startswith(reports_dir):
raise Exception("Security exception: Uncontrolled data used in path expression")
javacores_temp_dir = os.mkdir(javacores_temp_dir_name)
os.mkdir(javacores_temp_dir_name)


# Get the list of files from webpage
Expand All @@ -127,7 +127,7 @@ def upload_file():
time.sleep(1) # Give 1 second to generate index.html in processing_thread before redirecting
return redirect("/reports/" + report_name + "/index.html")
finally:
shutil.rmtree(javacores_temp_dir, ignore_errors=True)
shutil.rmtree(javacores_temp_dir_name, ignore_errors=True)

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.

def main():
debug = os.getenv("DEBUG", False)
Expand Down

0 comments on commit 1dbeecb

Please sign in to comment.