yippie
This commit is contained in:
18
agents/modules/geoscaper/lib/security.py
Normal file
18
agents/modules/geoscaper/lib/security.py
Normal file
@@ -0,0 +1,18 @@
|
||||
import os
|
||||
|
||||
# Resolve the geoscaper module root directory
|
||||
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) # agents/modules/geoscaper/lib
|
||||
GEOSCAPER_DIR = os.path.abspath(os.path.join(SCRIPT_DIR, "..")) # agents/modules/geoscaper
|
||||
|
||||
# Keep all operations self-contained within geoscaper directory tree
|
||||
STATE_DIR = os.path.join(GEOSCAPER_DIR, "state")
|
||||
PROJECTS_DIR = os.path.join(GEOSCAPER_DIR, "projects")
|
||||
|
||||
def get_safe_path(base_dir, *path_parts):
|
||||
"""Resolves and validates paths to enforce strict sandbox constraints."""
|
||||
real_base = os.path.realpath(base_dir)
|
||||
real_target = os.path.realpath(os.path.join(real_base, *path_parts))
|
||||
|
||||
if not real_target.startswith(real_base + os.path.sep) and real_target != real_base:
|
||||
raise PermissionError(f"Security Fault: Path '{real_target}' escaped '{real_base}'")
|
||||
return real_target
|
||||
Reference in New Issue
Block a user