Handle null byte when serving static files (#1574)

Handle null byte when serving requests for paths with null bytes.
2020-03-13 06:56:04 -07:00 · 2020-03-13 06:56:04 -07:00 · 3cc2394a12
parent 1f29a6d3e3
commit 3cc2394a12
2 changed files with 10 additions and 2 deletions
--- a/lib/sinatra/base.rb
+++ b/lib/sinatra/base.rb
@ -1058,8 +1058,11 @@ module Sinatra
    # Attempt to serve static files from public directory. Throws :halt when
    # a matching file is found, returns nil otherwise.
    def static!(options = {})
-      return if (public_dir = settings.public_folder).nil?
-      path = File.expand_path("#{public_dir}#{URI_INSTANCE.unescape(request.path_info)}" )
+      return if (public_dir = settings.public_folder).nil?      
+      path = "#{public_dir}#{URI_INSTANCE.unescape(request.path_info)}"
+      return unless valid_path?(path)
+      
+      path = File.expand_path(path)
      return unless File.file?(path)

      env['sinatra.static_file'] = path
--- a/test/static_test.rb
+++ b/test/static_test.rb
@ -59,6 +59,11 @@ class StaticTest < Minitest::Test
    assert not_found?
  end

+  it 'passes to the next handler when the path contains null bytes' do
+    get "/foo%00"
+    assert not_found?
+  end
+
  it 'passes to the next handler when the static option is disabled' do
    @app.set :static, false
    get "/#{File.basename(__FILE__)}"