Skip to content

Commit

Permalink
avoid unhandled error on some invalid paths (#1369)
Browse files Browse the repository at this point in the history
  • Loading branch information
minrk authored Nov 25, 2023
1 parent ecd5b1f commit 40a95e5
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions jupyter_server/services/contents/fileio.py
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,17 @@ def _get_os_path(self, path):
if os.path.splitdrive(path)[0]:
raise HTTPError(404, "%s is not a relative API path" % path)
os_path = to_os_path(ApiPath(path), root)
# validate os path
# e.g. "foo\0" raises ValueError: embedded null byte
try:
os.lstat(os_path)
except OSError:
# OSError could be FileNotFound, PermissionError, etc.
# those should raise (or not) elsewhere
pass
except ValueError:
raise HTTPError(404, f"{path} is not a valid path") from None

if not (os.path.abspath(os_path) + os.path.sep).startswith(root):
raise HTTPError(404, "%s is outside root contents directory" % path)
return os_path
Expand Down

0 comments on commit 40a95e5

Please sign in to comment.