Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 09:45:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: inside_base_dir raises TypeError on a non-string path instead of failing closed (#1619)

Browse Source
This commit is contained in:
Afonso Coutinho
2026-06-03 01:00:04 +01:00
committed by GitHub
parent 2d94e38d23
commit fc220f760f
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_inside_base_dir_nonstring.py
+19
View File
@@ -0,0 +1,19 @@
"""Regression: inside_base_dir must fail closed on a non-string input.
The `os.path.realpath(path)` calls run before the try/except (which only wraps
commonpath), so a None / non-string path raised TypeError out of this
path-safety check instead of returning False.
"""
from src.app_helpers import inside_base_dir
def test_non_string_fails_closed():
assert inside_base_dir("/tmp", None) is False
assert inside_base_dir("/tmp", 123) is False
assert inside_base_dir(None, "/tmp/x") is False
def test_real_containment_still_works(tmp_path):
base = str(tmp_path)
assert inside_base_dir(base, str(tmp_path / "a.txt")) is True
assert inside_base_dir(base, "/etc/passwd") is False