From d1ec7f88a63a1c83cdde00f7fceca58936cb6fa5 Mon Sep 17 00:00:00 2001 From: belthlemar Date: Fri, 20 Dec 2024 15:18:39 +0100 Subject: [PATCH] fix(list_dir): check permissions before reading and remove . and $ folders --- antarest/study/storage/explorer_service.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/antarest/study/storage/explorer_service.py b/antarest/study/storage/explorer_service.py index fa9ef7fa30..9e1ec266b6 100644 --- a/antarest/study/storage/explorer_service.py +++ b/antarest/study/storage/explorer_service.py @@ -11,6 +11,7 @@ # This file is part of the Antares project. import logging +import os from typing import List from antarest.core.config import Config @@ -40,11 +41,19 @@ def list_dir( workspace = get_workspace_from_config(self.config, workspace_name, default_allowed=False) directory_path = get_folder_from_workspace(workspace, workspace_directory_path) directories = [] - for child in directory_path.iterdir(): - if child.is_dir() and not is_study_folder(child) and not should_ignore_folder_for_scan(child): - # we don't want to expose the full absolute path on the server - child_rel_path = child.relative_to(workspace.path) - directories.append(NonStudyFolderDTO(path=child_rel_path, workspace=workspace_name, name=child.name)) + if os.access(directory_path, os.R_OK): # we don't want to try to read folders we can't access + for child in directory_path.iterdir(): + if ( + child.is_dir() + and not is_study_folder(child) + and not should_ignore_folder_for_scan(child) + and not child.name.startswith((".", "$")) + ): + # we don't want to expose the full absolute path on the server + child_rel_path = child.relative_to(workspace.path) + directories.append( + NonStudyFolderDTO(path=child_rel_path, workspace=workspace_name, name=child.name) + ) return directories def list_workspaces(