sascha/esphome
1
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2025-10-30 22:53:59 +00:00
Code Issues Releases Wiki Activity

Verify rel_path output is relative (#4247)

Browse Source
This commit is contained in:
Paulus Schoutsen
2023-02-08 20:20:30 -05:00
committed by GitHub
parent 2fbd33267e
commit 17ea0efb08
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
esphome/dashboard/dashboard.py
View File

@@ -55,6 +55,7 @@ class DashboardSettings:
self.using_password = False self.using_password = False
self.on_ha_addon = False self.on_ha_addon = False
self.cookie_secret = None self.cookie_secret = None
self.absolute_config_dir = None
def parse_args(self, args): def parse_args(self, args):
self.on_ha_addon = args.ha_addon self.on_ha_addon = args.ha_addon
@@ -65,6 +66,7 @@ class DashboardSettings:
if self.using_password: if self.using_password:
self.password_hash = password_hash(password) self.password_hash = password_hash(password)
self.config_dir = args.configuration self.config_dir = args.configuration
self.absolute_config_dir = Path(self.config_dir).resolve()
@property @property
def relative_url(self): def relative_url(self):
@@ -94,7 +96,10 @@ class DashboardSettings:
return hmac.compare_digest(self.password_hash, password_hash(password)) return hmac.compare_digest(self.password_hash, password_hash(password))
def rel_path(self, *args): def rel_path(self, *args):
return os.path.join(self.config_dir, *args) joined_path = os.path.join(self.config_dir, *args)
# Raises ValueError if not relative to ESPHome config folder
Path(joined_path).resolve().relative_to(self.absolute_config_dir)
return joined_path
def list_yaml_files(self): def list_yaml_files(self):
return util.list_yaml_files([self.config_dir]) return util.list_yaml_files([self.config_dir])