handle more exceptions + sanitize fs paths in msgs

2025-08-17 09:02:15 -06:00 · 2021-08-09 01:09:20 +02:00 · 2021-08-09 01:09:20 +02:00 · 5a2b91a084
parent a50a05e4e7
commit 5a2b91a084
2 changed files with 24 additions and 8 deletions
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@ -112,7 +112,7 @@ class HttpCli(object):
            self.http_ver = "HTTP/1.1"
            # self.log("pebkac at httpcli.run #1: " + repr(ex))
            self.keepalive = False
-            self.loud_reply(unicode(ex), status=ex.code)
+            self.loud_reply(unicode(ex), status=ex.code, volsan=True)
            return self.keepalive

        # time.sleep(0.4)
@ -224,19 +224,22 @@ class HttpCli(object):
            else:
                raise Pebkac(400, 'invalid HTTP mode "{0}"'.format(self.mode))

-        except Pebkac as ex:
+        except Exception as ex:
+            pex = ex
+            if not hasattr(ex, "code"):
+                pex = Pebkac(500)
+
            try:
-                # self.log("pebkac at httpcli.run #2: " + repr(ex))
                post = self.mode in ["POST", "PUT"] or "content-length" in self.headers
-                if not self._check_nonfatal(ex, post):
+                if not self._check_nonfatal(pex, post):
                    self.keepalive = False

-                self.log("{}\033[0m, {}".format(str(ex), self.vpath), 3)
+                self.log("{}\033[0m, {}".format(min_ex(), self.vpath), 3)
                msg = "<pre>{}\r\nURL: {}\r\n".format(str(ex), self.vpath)
                if self.hint:
                    msg += "hint: {}\r\n".format(self.hint)

-                self.reply(msg.encode("utf-8", "replace"), status=ex.code)
+                self.reply(msg.encode("utf-8", "replace"), status=pex.code, volsan=True)
                return self.keepalive
            except Pebkac:
                return False
@ -269,8 +272,12 @@ class HttpCli(object):
        except:
            raise Pebkac(400, "client d/c while replying headers")

-    def reply(self, body, status=200, mime=None, headers=None):
+    def reply(self, body, status=200, mime=None, headers=None, volsan=False):
        # TODO something to reply with user-supplied values safely
+
+        if volsan:
+            body = vol_san(self.asrv.vfs.all_vols.values(), body)
+
        self.send_headers(len(body), status, mime, headers)

        try:
@ -1029,7 +1036,7 @@ class HttpCli(object):
                    raise

        except Pebkac as ex:
-            errmsg = unicode(ex)
+            errmsg = volsan(self.asrv.vfs.all_vols.values(), unicode(ex))

        td = max(0.1, time.time() - t0)
        sz_total = sum(x[0] for x in files)
--- a/copyparty/util.py
+++ b/copyparty/util.py
@ -344,6 +344,15 @@ def log_thrs(log, ival, name):
        log(name, "\033[0m \033[33m".join(tv), 3)


+def vol_san(vols, txt):
+    for vol in vols:
+        txt = txt.replace(
+            vol.realpath.encode("utf-8"), vol.vpath.encode("utf-8")
+        )
+    
+    return txt
+
+
 def min_ex():
    et, ev, tb = sys.exc_info()
    tb = traceback.extract_tb(tb)