diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 1113fa80..f270d1dd 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -4,10 +4,12 @@ on:
 push:
 branches:
 - main
+ - current-release
 - "*LTS"
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
 schedule:
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 13e82615..3cfd8726 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -3,12 +3,14 @@ on:
 push:
 branches:
 - main
+ - current-release
 - "*LTS"
 tags:
 - "!*" # Do not execute on tags
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 jobs:
 test:
diff --git a/.github/workflows/pr-bandit.yml b/.github/workflows/pr-bandit.yml
index 92dc8991..392ac867 100644
--- a/.github/workflows/pr-bandit.yml
+++ b/.github/workflows/pr-bandit.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-docs.yml b/.github/workflows/pr-docs.yml
index 26af6308..9a326db1 100644
--- a/.github/workflows/pr-docs.yml
+++ b/.github/workflows/pr-docs.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-linter.yml b/.github/workflows/pr-linter.yml
index 655beffa..a119a3e8 100644
--- a/.github/workflows/pr-linter.yml
+++ b/.github/workflows/pr-linter.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-python310.yml b/.github/workflows/pr-python310.yml
index 5e66deec..7020fcb3 100644
--- a/.github/workflows/pr-python310.yml
+++ b/.github/workflows/pr-python310.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-python311.yml b/.github/workflows/pr-python311.yml
index f0aa49c9..f89ae731 100644
--- a/.github/workflows/pr-python311.yml
+++ b/.github/workflows/pr-python311.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-python37.yml b/.github/workflows/pr-python37.yml
index c0051d33..a0c5be23 100644
--- a/.github/workflows/pr-python37.yml
+++ b/.github/workflows/pr-python37.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-python38.yml b/.github/workflows/pr-python38.yml
index 09e93f3f..67c75054 100644
--- a/.github/workflows/pr-python38.yml
+++ b/.github/workflows/pr-python38.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-python39.yml b/.github/workflows/pr-python39.yml
index ff479459..5c922276 100644
--- a/.github/workflows/pr-python39.yml
+++ b/.github/workflows/pr-python39.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-type-check.yml b/.github/workflows/pr-type-check.yml
index 27511c74..d9ce1d28 100644
--- a/.github/workflows/pr-type-check.yml
+++ b/.github/workflows/pr-type-check.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/.github/workflows/pr-windows.yml b/.github/workflows/pr-windows.yml
index ca8b5879..4ae0b5be 100644
--- a/.github/workflows/pr-windows.yml
+++ b/.github/workflows/pr-windows.yml
@@ -3,6 +3,7 @@ on:
 pull_request:
 branches:
 - main
+ - current-release
 - "*LTS"
 types: [opened, synchronize, reopened, ready_for_review]
diff --git a/sanic/__version__.py b/sanic/__version__.py
index fd5f6131..3fc900d3 100644
--- a/sanic/__version__.py
+++ b/sanic/__version__.py
@@ -1 +1 @@
-__version__ = "23.3.0"
+__version__ = "23.3.1"
diff --git a/sanic/mixins/static.py b/sanic/mixins/static.py
index bcffbc82..90c41bfe 100644
--- a/sanic/mixins/static.py
+++ b/sanic/mixins/static.py
@@ -95,7 +95,7 @@ class StaticMixin(BaseMixin, metaclass=SanicMeta):
 )
 try:
- file_or_directory = Path(file_or_directory)
+ file_or_directory = Path(file_or_directory).resolve()
 except TypeError:
 raise TypeError(
 "Static file or directory must be a path-like object or string"
diff --git a/tests/test_static.py b/tests/test_static.py
index fe2927bf..925a81ae 100644
--- a/tests/test_static.py
+++ b/tests/test_static.py
@@ -101,6 +101,31 @@ def test_static_file_pathlib(app, static_file_directory, file_name):
 assert response.body == get_file_content(static_file_directory, file_name)
+@pytest.mark.parametrize(
+ "file_name",
+ [
+ "test.file",
+ "decode me.txt",
+ "python.png",
+ "symlink",
+ "hard_link",
+ ],
+)
+def test_static_file_pathlib_relative_path_traversal(
+ app, static_file_directory, file_name
+):
+ """Get the current working directory and check if it ends with "sanic" """
+ cwd = Path.cwd()
+ if not str(cwd).endswith("sanic"):
+ pytest.skip("Current working directory does not end with 'sanic'")
+
+ file_path = "./tests/static/../static/"
+ app.static("/", file_path)
+ _, response = app.test_client.get(f"/{file_name}")
+ assert response.status == 200
+ assert response.body == get_file_content(static_file_directory, file_name)
+
+
 @pytest.mark.parametrize(
 "file_name",
 [b"test.file", b"decode me.txt", b"python.png"],
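Review bot: In sanic/mixins/static.py, the new `Path(file_or_directory).resolve()` line carries no comment saying why the root is resolved, so a later cleanup could drop the call without noticing that it matters for path containment. I would add above it `# Resolve at registration: a relative root, or one containing "..", is normalised against the current working directory once, so later path checks compare against an absolute root.` The request-time check itself is outside this hunk, so that wording should be confirmed against the handler. `resolve()` also now sits inside a `try` that only catches `TypeError`; on the Python versions these workflows target, a symlink loop raises `RuntimeError` from `resolve()` and would propagate out of `app.static()`, which is probably acceptable but worth deciding deliberately. The enclosing method starts and ends outside the hunk.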
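Review bot: In tests/test_static.py, `test_static_file_pathlib_relative_path_traversal` skips itself whenever the working directory does not end in "sanic", so in a checkout or CI workspace with another directory name the regression test for this fix never runs and the suite still reports green. Pinning the working directory keeps it deterministic: add `monkeypatch` to the parameters and replace the `cwd` check with `monkeypatch.chdir(Path(static_file_directory).parents[1])`, assuming the `static_file_directory` fixture points at `tests/static` (its definition is not in this hunk). The docstring describes the skip condition rather than the behaviour under test; something like `"""Serve files when the static root is a relative path containing '..'."""` would be more accurate. The test also asserts only the 200 case, so a companion assertion that a request resolving outside the static root is refused would cover the other half of what the test name promises.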