From 5a2f6f6fafe252bc6b039f10c23389f13ad90d13 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <joseph.schorr@coreos.com>
Date: Tue, 6 Feb 2018 13:38:00 -0500
Subject: [PATCH] Add exception if relative path is given to Azure storage
 engine

---
 storage/azurestorage.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/storage/azurestorage.py b/storage/azurestorage.py
index 1db2980cb..50e77cbb7 100644
--- a/storage/azurestorage.py
+++ b/storage/azurestorage.py
@@ -27,6 +27,7 @@ _MAX_BLOCK_SIZE = 1024 * 1024 * 100 # 100MB
 _BLOCKS_KEY = 'blocks'
 _CONTENT_TYPE_KEY = 'content-type'
 
+
 class AzureStorage(BaseStorage):
   def __init__(self, context, azure_container, storage_path, azure_account_name,
                azure_account_key=None, sas_token=None, connection_string=None,
@@ -50,6 +51,9 @@ class AzureStorage(BaseStorage):
                                           socket_timeout=socket_timeout)
 
   def _blob_name_from_path(self, object_path):
+    if '..' in object_path:
+      raise Exception('Relative paths are not allowed; found %s' % object_path)
+
     return os.path.join(self._storage_path, object_path).rstrip('/')
 
   def _upload_blob_name_from_uuid(self, uuid):