00asdf/CSharpHttpServer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

improve static serve jail

Browse Source
This commit is contained in:
GHXX 2024-01-26 19:49:04 +01:00
parent 6cc849bf01
commit 0bfe34ab6b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
SimpleHttpServer/HttpServer.cs
View File

@ -253,7 +253,7 @@ public sealed class HttpServer {
if (reqPath.StartsWith(k)) { // do a static serve if (reqPath.StartsWith(k)) { // do a static serve
wasStaticlyServed = true; wasStaticlyServed = true;
var relativeStaticReqPath = reqPath[k.Length..]; var relativeStaticReqPath = reqPath[k.Length..];
var staticResponsePath = Path.Combine(v, relativeStaticReqPath.TrimStart('/')); var staticResponsePath = Path.GetFullPath(Path.Join(v, relativeStaticReqPath.TrimStart('/')));
if (Path.GetRelativePath(v, staticResponsePath).Contains("..")) { if (Path.GetRelativePath(v, staticResponsePath).Contains("..")) {
requestLogger.Warning($"Blocked GET request to {reqPath} as somehow the target file does not lie inside the static serve folder? Are you using symlinks?"); requestLogger.Warning($"Blocked GET request to {reqPath} as somehow the target file does not lie inside the static serve folder? Are you using symlinks?");