diff options
| author | Diogo Baeder <diogobaeder@yahoo.com.br> | 2015-12-17 18:56:43 -0200 |
|---|---|---|
| committer | Diogo Baeder <diogobaeder@yahoo.com.br> | 2015-12-17 18:56:43 -0200 |
| commit | 9a5598f56633c098c13404e235cb13e32683b8c0 (patch) | |
| tree | 513c3f026a4e6357494a677d0a90e66a6e714c5e | |
| parent | 80edcf151f2faf6bc6432545865ad55bdfcf44f4 (diff) | |
| download | cherrypy-9a5598f56633c098c13404e235cb13e32683b8c0.tar.gz | |
Returning HTTP 404 for static serving when the requested path has null bytes
| -rw-r--r-- | cherrypy/lib/static.py | 2 | ||||
| -rw-r--r-- | cherrypy/test/test_static.py | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/cherrypy/lib/static.py b/cherrypy/lib/static.py index a630dae6..a26dd4ac 100644 --- a/cherrypy/lib/static.py +++ b/cherrypy/lib/static.py @@ -49,7 +49,7 @@ def serve_file(path, content_type=None, disposition=None, name=None, try: st = os.stat(path) - except OSError: + except (OSError, TypeError): if debug: cherrypy.log('os.stat(%r) failed' % path, 'TOOLS.STATIC') raise cherrypy.NotFound() diff --git a/cherrypy/test/test_static.py b/cherrypy/test/test_static.py index 0526844f..3d6f07bf 100644 --- a/cherrypy/test/test_static.py +++ b/cherrypy/test/test_static.py @@ -119,7 +119,7 @@ class StaticTest(helper.CPWebCase): pass teardown_server = staticmethod(teardown_server) - def testStatic(self): + def test_static(self): self.getPage("/static/index.html") self.assertStatus('200 OK') self.assertHeader('Content-Type', 'text/html') @@ -333,6 +333,10 @@ class StaticTest(helper.CPWebCase): self.assertStatus(404) self.assertInBody("I couldn't find that thing") + def test_null_bytes(self): + self.getPage("/static/\x00") + self.assertStatus('404 Not Found') + def error_page_404(status, message, traceback, version): import os.path return static.serve_file(os.path.join(curdir, 'static', '404.html'), |