From: 涵曦 Date: Sun, 1 Dec 2024 16:46:16 +0000 (+0800) Subject: Fix: Resolve the issue where the directory itself being a symlink does not work.... X-Git-Tag: 0.42.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eee4cdc;p=thirdparty%2Fstarlette.git Fix: Resolve the issue where the directory itself being a symlink does not work. (#2711) --- diff --git a/starlette/staticfiles.py b/starlette/staticfiles.py index 7498c301..746e740e 100644 --- a/starlette/staticfiles.py +++ b/starlette/staticfiles.py @@ -155,7 +155,7 @@ class StaticFiles: full_path = os.path.abspath(joined_path) else: full_path = os.path.realpath(joined_path) - directory = os.path.realpath(directory) + directory = os.path.realpath(directory) if os.path.commonpath([full_path, directory]) != directory: # Don't allow misbehaving clients to break out of the static files # directory. diff --git a/tests/test_staticfiles.py b/tests/test_staticfiles.py index 8beb3cd8..8f742359 100644 --- a/tests/test_staticfiles.py +++ b/tests/test_staticfiles.py @@ -559,3 +559,23 @@ def test_staticfiles_avoids_path_traversal(tmp_path: Path) -> None: assert exc_info.value.status_code == 404 assert exc_info.value.detail == "Not Found" + + +def test_staticfiles_self_symlinks(tmpdir: Path, test_client_factory: TestClientFactory) -> None: + statics_path = os.path.join(tmpdir, "statics") + os.mkdir(statics_path) + + source_file_path = os.path.join(statics_path, "index.html") + with open(source_file_path, "w") as file: + file.write("

Hello

") + + statics_symlink_path = os.path.join(tmpdir, "statics_symlink") + os.symlink(statics_path, statics_symlink_path) + + app = StaticFiles(directory=statics_symlink_path, follow_symlink=True) + client = test_client_factory(app) + + response = client.get("/index.html") + assert response.url == "http://testserver/index.html" + assert response.status_code == 200 + assert response.text == "

Hello

"