directory-traversal

I have a directory containing some files, some directories, some symlinks to files and some symlinks to directories. When I do os.walk() with followlinks=false in the directory, I get the files and symlinks to files in the filenames list and the directories in the dirnames list. But the symlinks to directories does not show up anywhere. Is this a bug or a feature in Python, or am I doing something wrong? I expect the symlinks to directories to show up in the filenames list, because they are not directories but symlinks, and the other symlinks (to other files) show up in the filenames list.

I want to verify that my web application does not have a path traversal vulnerability. I'm trying to use curl for that, like this: $ curl -v http://www.example.com/directory/../ I would like the HTTP request to be explicitly made to the /directory/../ URL, to test that a specific nginx rule involving proxy is not vulnerable to path traversal. I.e., I would like this HTTP request to be sent: > GET /directory/../ HTTP/1.1 But curl is rewriting the request as to the / URL, as can be seen in the output: * Rebuilt URL to: http://www.example.com/ (...) > GET / HTTP/1.1 Is it possible to use curl for

How do I get this piece to follow symlinks in python 2.6? def load_recursive(self, path): for subdir, dirs, files in os.walk(path): for file in files: if file.endswith('.xml'): file_path = os.path.join(subdir, file) try: do_stuff(file_path) except: continue Set followlinks to True . This is the fourth argument to the os.walk method, reproduced below: os.walk(top[, topdown=True[, onerror=None[, followlinks=False]]]) This option was added in Python 2.6. 来源： https://stackoverflow.com/questions/3771696/python-os-walk-follow-symlinks

Is the following code snippet from a Python WSGI app safe from directory traversal? It reads a file name passed as parameter and returns the named file. file_name = request.path_params["file"] file = open(file_name, "rb") mime_type = mimetypes.guess_type(file_name)[0] start_response(status.OK, [('Content-Type', mime_type)]) return file I mounted the app under http://localhost:8000/file/{file} and sent requests with the URLs http://localhost:8000/file/../alarm.gif and http://localhost:8000/file/%2e%2e%2falarm.gif . But none of my attempts delivered the (existing) file. So is my code already

How do you traverse a directory tree in your favorite language? What do you need to know to traverse a directory tree in different operating systems? On different filesystems? What's your favorite library/module for aiding in traversing a directory tree? fuentesjr In Python : If you're looking for a quick, clean, and portable solution try: import os base_dir = '.' def foo(arg, curr_dir, files): print curr_dir print files os.path.walk(base_dir, foo, None) Note that you can modify foo to do something else instead of just printing the names. Furthermore, if you're interested in migrating to

How can I recursively scan directories in Android and display file name(s)? I'm trying to scan, but it's slow (force close or wait). I'm using the FileWalker class given in a separate answer to this question . You should almost always access the file system only from a non-UI thread. Otherwise you risk blocking the UI thread for long periods and getting an ANR. Run the FileWalker in an AsyncTask 's doInBackground() . This is a slightly optimized version of FileWalker: public class Filewalker { public void walk(File root) { File[] list = root.listFiles(); for (File f : list) { if (f.isDirectory