From b05ba124452ffe17f3f7223b740e977ca5ee0b01 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Fri, 2 Jul 2021 17:12:59 +0000
Subject: [PATCH] Correct is_safe_path example in guidelines

A previous rework of the directory traversal mitigation example in
I3f8d3760daceb9e62396ae21b0d915ae07eff303 was not correctly cleaned
up, and left some unintended startswith method invocations behind.
Get rid of those, and also correct a wrong parameter name in the
main function while we're at it, as well as fixing some incorrect
indentation.

Change-Id: Ie5347f3b6cc8e689440db0aaf552d52ad37c231c
Closes-Bug: #1928544
---
 doc/source/guidelines/dg_using-file-paths.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/source/guidelines/dg_using-file-paths.rst b/doc/source/guidelines/dg_using-file-paths.rst
index c107b38..f1bcc39 100644
--- a/doc/source/guidelines/dg_using-file-paths.rst
+++ b/doc/source/guidelines/dg_using-file-paths.rst
@@ -81,15 +81,15 @@ defeat path traversal.
     def is_safe_path(basedir, path, follow_symlinks=True):
         # resolves symbolic links
         if follow_symlinks:
-             matchpath = os.path.realpath(path).startswith(basedir)
+            matchpath = os.path.realpath(path)
         else:
-             matchpath = os.path.abspath(path).startswith(basedir)
+            matchpath = os.path.abspath(path)
         return basedir == os.path.commonpath((basedir, matchpath))
 
 
     def main(args):
         for arg in args:
-            if is_safe_path(os.getcwd(), path):
+            if is_safe_path(os.getcwd(), arg):
                 print("safe: {}".format(arg))
             else:
                 print("unsafe: {}".format(arg))