Heray-Was-Here
Server : LiteSpeed
System : Linux server310.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64
User : myveqfxv ( 6863)
PHP Version : 7.4.33
Disable Function : NONE
Directory :  /opt/cloudlinux/venv/lib/python3.11/site-packages/clcagefslib/webisolation/crontab/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //opt/cloudlinux/venv/lib/python3.11/site-packages/clcagefslib/webisolation/crontab/utils.py
# -*- coding: utf-8 -*-
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
"""Utility functions for crontab operations."""

import os
import pwd

from clcommon.cpapi import userdomains

from .constants import DOCUMENT_ROOT_ENV


def get_document_root() -> str | None:
    """
    Get the document root from environment variable.

    When PROXYEXEC_DOCUMENT_ROOT is set, validate that it is one of the
    calling user's real document roots — defence in depth against a user
    invoking the wrapper directly with a forged value.

    Returns:
        Optional[str]: The document root path if PROXYEXEC_DOCUMENT_ROOT is set,
                       None otherwise.

    Raises:
        ValueError: If PROXYEXEC_DOCUMENT_ROOT is set but does not appear in
                    the calling user's docroot list.
    """
    document_root = os.environ.get(DOCUMENT_ROOT_ENV)
    if document_root is None:
        return None
    
    # normally this logic is called under user
    uid = os.getuid()
    if uid == 0:
        return document_root

    username = pwd.getpwuid(uid).pw_name
    user_docroots = {docroot for _, docroot in userdomains(username)}

    if document_root not in user_docroots:
        raise ValueError(
            f"Document root path {document_root!r} is not found for user"
        )

    return document_root

Hry