Island: Improve directory traversal error message

2022-06-21 14:02:19 -04:00 · 2022-06-21 14:02:19 -04:00 · f9775f5b54
parent 40b192accc
commit f9775f5b54
1 changed files with 3 additions and 1 deletions
--- a/monkey/monkey_island/cc/repository/file_storage/local_storage_file_repository.py
+++ b/monkey/monkey_island/cc/repository/file_storage/local_storage_file_repository.py
@ -76,7 +76,9 @@ class LocalStorageFileRepository(IFileRepository):

        # This is a paranoid check to avoid directory traversal attacks.
        if self._storage_directory.resolve() not in safe_file_path.parents:
-            raise ValueError(f"The file named {unsafe_file_name} can not be safely retrieved")
+            raise ValueError(
+                f'The file named "{unsafe_file_name}" cannot be safely retrieved or written'
+            )

        logger.debug(f"Untrusted file name {unsafe_file_name} sanitized: {safe_file_path}")
        return safe_file_path