From a8018afd46360a6620f3de955ba37d538d84aad1 Mon Sep 17 00:00:00 2001 From: Eric Callahan Date: Sun, 6 Nov 2022 07:21:48 -0500 Subject: [PATCH] file_manager: always deny access to .git folders Signed-off-by: Eric Callahan --- .../components/file_manager/file_manager.py | 27 +++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/moonraker/components/file_manager/file_manager.py b/moonraker/components/file_manager/file_manager.py index 95417e5..cc2b91f 100644 --- a/moonraker/components/file_manager/file_manager.py +++ b/moonraker/components/file_manager/file_manager.py @@ -251,6 +251,8 @@ class FileManager: if isinstance(req_path, str): req_path = pathlib.Path(req_path) req_path = req_path.expanduser().resolve() + if ".git" in req_path.parts: + return True for name, (res_path, can_read) in self.reserved_paths.items(): if ( (res_path == req_path or res_path in req_path.parents) and @@ -543,18 +545,21 @@ class FileManager: path = pathlib.Path(path) real_path = path.resolve() fstat = path.stat() - permissions = "rw" - if ( - root not in self.full_access_roots or - (path.is_symlink() and path.is_file()) - ): - permissions = "r" - for name, (res_path, can_read) in self.reserved_paths.items(): - if (res_path == real_path or res_path in real_path.parents): - if not can_read: - permissions = "" - break + if ".git" in real_path.parts: + permissions = "" + else: + permissions = "rw" + if ( + root not in self.full_access_roots or + (path.is_symlink() and path.is_file()) + ): permissions = "r" + for name, (res_path, can_read) in self.reserved_paths.items(): + if (res_path == real_path or res_path in real_path.parents): + if not can_read: + permissions = "" + break + permissions = "r" return { 'modified': fstat.st_mtime, 'size': fstat.st_size,