{"html_url": "https://github.com/simonw/datasette/pull/554#issuecomment-510558696", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/554", "id": 510558696, "node_id": "MDEyOklzc3VlQ29tbWVudDUxMDU1ODY5Ng==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2019-07-11T16:29:25Z", "updated_at": "2019-07-11T16:29:25Z", "author_association": "OWNER", "body": "Released as 0.29.1: https://datasette.readthedocs.io/en/latest/changelog.html#v0-29-1", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 465728430, "label": "Fix static mounts using relative paths and prevent traversal exploits"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/554#issuecomment-510542280", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/554", "id": 510542280, "node_id": "MDEyOklzc3VlQ29tbWVudDUxMDU0MjI4MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2019-07-11T15:47:31Z", "updated_at": "2019-07-11T15:47:31Z", "author_association": "OWNER", "body": "Thanks for this!\r\n\r\nThe tests are failing for Python 3.5 right now which is strange. https://travis-ci.org/simonw/datasette/jobs/556272017\r\n\r\nOne failure looks like this:\r\n```\r\napp_client = <tests.fixtures.TestClient object at 0x7fb7803285f8>\r\n    def test_static(app_client):\r\n        response = app_client.get(\"/-/static/app2.css\")\r\n>       assert response.status == 404\r\nE       assert 500 == 404\r\nE        +  where 500 = <tests.fixtures.TestResponse object at 0x7fb780328a58>.status\r\n/home/travis/build/simonw/datasette/tests/test_html.py:56: AssertionError\r\n----------------------------- Captured stderr call -----------------------------\r\nTraceback (most recent call last):\r\n  File \"/home/travis/build/simonw/datasette/datasette/utils/asgi.py\", line 100, in __call__\r\n    return await view(new_scope, receive, send)\r\n  File \"/home/travis/build/simonw/datasette/datasette/utils/asgi.py\", line 303, in inner_static\r\n    full_path = (Path(root_path) / path).resolve().absolute()\r\n  File \"/opt/python/3.5.6/lib/python3.5/pathlib.py\", line 1109, in resolve\r\n    s = self._flavour.resolve(self)\r\n  File \"/opt/python/3.5.6/lib/python3.5/pathlib.py\", line 330, in resolve\r\n    return _resolve(base, str(path)) or sep\r\n  File \"/opt/python/3.5.6/lib/python3.5/pathlib.py\", line 315, in _resolve\r\n    target = accessor.readlink(newpath)\r\n  File \"/opt/python/3.5.6/lib/python3.5/pathlib.py\", line 422, in readlink\r\n    return os.readlink(path)\r\nFileNotFoundError: [Errno 2] No such file or directory: '/home/travis/build/simonw/datasette/datasette/static/app2.css'\r\n```\r\nMaybe an exception was renamed between 3.5 and 3.6?", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 465728430, "label": "Fix static mounts using relative paths and prevent traversal exploits"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/554#issuecomment-509629331", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/554", "id": 509629331, "node_id": "MDEyOklzc3VlQ29tbWVudDUwOTYyOTMzMQ==", "user": {"value": 3243482, "label": "abdusco"}, "created_at": "2019-07-09T12:51:35Z", "updated_at": "2019-07-09T12:51:35Z", "author_association": "CONTRIBUTOR", "body": "I wanted to add a test for it too, but I've realized it's impossible to test a server process as we cannot get its exit code.\r\n\r\n```python\r\n# tests/test_cli.py\r\ndef test_static_mounts_on_windows():\r\n    if sys.platform != \"win32\":\r\n        return\r\n    runner = CliRunner()\r\n    result = runner.invoke(\r\n        cli, [\"serve\", \"--static\", r\"s:C:\\\\\"]\r\n    )\r\n    assert result.exit_code == 0\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 465728430, "label": "Fix static mounts using relative paths and prevent traversal exploits"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/554#issuecomment-509618339", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/554", "id": 509618339, "node_id": "MDEyOklzc3VlQ29tbWVudDUwOTYxODMzOQ==", "user": {"value": 3243482, "label": "abdusco"}, "created_at": "2019-07-09T12:16:32Z", "updated_at": "2019-07-09T12:16:32Z", "author_association": "CONTRIBUTOR", "body": "I've also added another fix for using static mounts with absolute paths on Windows. ", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 465728430, "label": "Fix static mounts using relative paths and prevent traversal exploits"}, "performed_via_github_app": null}