From 4aa3cd97010d0597f3b6eaa8970f8db18c4c35bd Mon Sep 17 00:00:00 2001
From: Egor Tensin
Date: Sat, 6 Mar 2021 01:01:23 +0300
Subject: server.py: only run from the script's directory
---
 server.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/server.py b/server.py
index d5a0f35..6052b06 100755
--- a/server.py
+++ b/server.py
@@ -10,6 +10,7 @@
 import argparse
 import http.server
+import os
 import sys
 from app import Request
@@ -18,6 +19,10 @@ from app import Request
 DEFAULT_PORT = 18101
+def script_dir():
+ return os.path.dirname(os.path.realpath(__file__))
+
+
 class RequestHandler(http.server.SimpleHTTPRequestHandler):
 def do_GET(self):
 try:
@@ -44,6 +49,9 @@ def parse_args(args=None):
 def main(args=None):
+ # It's a failsafe; this script is only allowed to serve the directory it
+ # resides in.
+ os.chdir(script_dir())
 args = parse_args(args)
 addr = ('', args.port)
 httpd = http.server.ThreadingHTTPServer(addr, RequestHandler)
--
cgit v1.2.3
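Review bot: `script_dir()` has no docstring, and the one detail a reader needs is that `os.path.realpath` resolves symlinks, so a symlinked `server.py` yields the directory of the real file rather than the directory holding the link. I would add `"""Return the directory containing this script, with symlinks resolved."""` so that the choice of `realpath` over `abspath` reads as deliberate.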
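Review bot: The failsafe in `main()` rests on the process-wide working directory, which `os.chdir(script_dir())` sets once at startup; any later `chdir` in the process (for instance from code reached through `app.Request`, which is not visible here) would silently change what `SimpleHTTPRequestHandler` serves. Since `ThreadingHTTPServer` already requires Python 3.7, the root can be pinned on the handler instead, with `import functools`, `handler = functools.partial(RequestHandler, directory=script_dir())` and `http.server.ThreadingHTTPServer(addr, handler)`, assuming `RequestHandler` does not override `__init__` (its body is outside the hunk). The served root is also the directory that holds `server.py` itself, and `addr = ('', args.port)` listens on all interfaces. If `do_GET` falls back to the stock file handler, the source files and anything else kept beside the script (a `.git` directory, local configuration) become readable by any client that can reach the port; serving a dedicated subdirectory would narrow that. `main()` continues past the end of the hunk.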