| """ |
| 路径处理工具模块 |
| 统一管理路径验证、规范化、解析等逻辑 |
| """ |
|
|
| import os |
| from pathlib import Path |
| from typing import Optional |
|
|
|
|
| def normalize_path(path: str) -> str: |
| """ |
| 统一处理路径:将空字符串转换为 "/" |
| |
| Args: |
| path: 输入路径 |
| |
| Returns: |
| 规范化后的路径 |
| """ |
| return path if path else "/" |
|
|
|
|
| def check_path_in_demo_dir(path: Path, demo_dir: Path) -> bool: |
| """ |
| 检查路径是否在demo目录内(Python 3.8兼容) |
| |
| Args: |
| path: 要检查的路径 |
| demo_dir: demo目录路径 |
| |
| Returns: |
| True 如果路径在demo目录内 |
| """ |
| try: |
| return path.is_relative_to(demo_dir) |
| except AttributeError: |
| |
| path_str = str(path) |
| demo_dir_str = str(demo_dir) |
| common = os.path.commonpath([path_str, demo_dir_str]) |
| return common == demo_dir_str |
|
|
|
|
| def validate_demo_path(path: str, demo_dir: Path) -> bool: |
| """ |
| 验证路径安全性,防止路径遍历攻击 |
| |
| Args: |
| path: 要验证的相对路径 |
| demo_dir: demo目录的绝对路径 |
| |
| Returns: |
| True 如果路径安全 |
| """ |
| if not path or path == "/": |
| return True |
| |
| |
| normalized_path = path.strip('/').replace('\\', '/') |
| |
| |
| if '..' in normalized_path.split('/'): |
| return False |
| |
| try: |
| resolved_path = (demo_dir / normalized_path).resolve() |
| demo_dir_resolved = demo_dir.resolve() |
| return check_path_in_demo_dir(resolved_path, demo_dir_resolved) |
| except Exception: |
| return False |
|
|
|
|
| def resolve_demo_path(demo_dir: Path, path: str) -> Optional[Path]: |
| """ |
| 解析并验证路径,返回绝对路径 |
| |
| Args: |
| demo_dir: demo目录的绝对路径 |
| path: 要解析的相对路径 |
| |
| Returns: |
| 解析后的绝对路径,验证失败则返回 None |
| """ |
| if not validate_demo_path(path, demo_dir): |
| return None |
| |
| if not path or path == "/": |
| return demo_dir |
| |
| return (demo_dir / path.lstrip('/')).resolve() |
|
|
|
|
