18 lines
855 B
Python
18 lines
855 B
Python
import os
|
|
|
|
# Resolve the geoscaper module root directory
|
|
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) # agents/modules/geoscaper/lib
|
|
GEOSCAPER_DIR = os.path.abspath(os.path.join(SCRIPT_DIR, "..")) # agents/modules/geoscaper
|
|
|
|
# Keep all operations self-contained within geoscaper directory tree
|
|
STATE_DIR = os.path.join(GEOSCAPER_DIR, "state")
|
|
PROJECTS_DIR = os.path.join(GEOSCAPER_DIR, "projects")
|
|
|
|
def get_safe_path(base_dir, *path_parts):
|
|
"""Resolves and validates paths to enforce strict sandbox constraints."""
|
|
real_base = os.path.realpath(base_dir)
|
|
real_target = os.path.realpath(os.path.join(real_base, *path_parts))
|
|
|
|
if not real_target.startswith(real_base + os.path.sep) and real_target != real_base:
|
|
raise PermissionError(f"Security Fault: Path '{real_target}' escaped '{real_base}'")
|
|
return real_target |