server.py: only run from the script's directory

author: Egor Tensin <Egor.Tensin@gmail.com> 2021-03-06 01:01:23 +0300
committer: Egor Tensin <Egor.Tensin@gmail.com> 2021-03-06 01:01:23 +0300
commit: 4aa3cd97010d0597f3b6eaa8970f8db18c4c35bd (patch)
tree: e6a8448dc43479d8dc10521525b012b753d58bec
parent: pacman: call systemctl on (de)installation (diff)
download: linux-status-4aa3cd97010d0597f3b6eaa8970f8db18c4c35bd.tar.gz
linux-status-4aa3cd97010d0597f3b6eaa8970f8db18c4c35bd.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/server.py b/server.py
index d5a0f35..6052b06 100755
--- a/server.py
+++ b/server.py
@@ -10,6 +10,7 @@
 
 import argparse
 import http.server
+import os
 import sys
 
 from app import Request
@@ -18,6 +19,10 @@ from app import Request
 DEFAULT_PORT = 18101
 
 
+def script_dir():
+    return os.path.dirname(os.path.realpath(__file__))
+
+
 class RequestHandler(http.server.SimpleHTTPRequestHandler):
     def do_GET(self):
         try:
@@ -44,6 +49,9 @@ def parse_args(args=None):
 
 
 def main(args=None):
+    # It's a failsafe; this script is only allowed to serve the directory it
+    # resides in.
+    os.chdir(script_dir())
     args = parse_args(args)
     addr = ('', args.port)
     httpd = http.server.ThreadingHTTPServer(addr, RequestHandler)
author	Egor Tensin <Egor.Tensin@gmail.com>	2021-03-06 01:01:23 +0300
committer	Egor Tensin <Egor.Tensin@gmail.com>	2021-03-06 01:01:23 +0300
commit	4aa3cd97010d0597f3b6eaa8970f8db18c4c35bd (patch)
tree	e6a8448dc43479d8dc10521525b012b753d58bec
parent	pacman: call systemctl on (de)installation (diff)
download	linux-status-4aa3cd97010d0597f3b6eaa8970f8db18c4c35bd.tar.gz linux-status-4aa3cd97010d0597f3b6eaa8970f8db18c4c35bd.zip