File: //opt/cloudlinux/venv/lib/python3.11/site-packages/clcagefslib/webisolation/crontab/utils.py
# -*- coding: utf-8 -*-
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
"""Utility functions for crontab operations."""

import os
import pwd

from clcommon.cpapi import userdomains

from .constants import DOCUMENT_ROOT_ENV


def get_document_root() -> str | None:
    """
    Return the document root passed in through the environment, if any.

    The value is read from the variable named by DOCUMENT_ROOT_ENV
    (PROXYEXEC_DOCUMENT_ROOT). For a non-root caller it is accepted only
    when it equals one of the document roots that userdomains() reports for
    that account. This is defence in depth: a user who runs the wrapper
    directly with a forged value is refused.

    Security notes:
        * The check is an exact string comparison; nothing is normalised.
          A value spelled differently from the registered docroot (for
          example with a trailing slash) is rejected, so the check fails
          closed.
        * When the real UID is 0 the value is returned without any
          validation.

    Returns:
        The document root path when the variable is set and accepted,
        None when the variable is not set.

    Raises:
        ValueError: The variable is set but its value is not among the
                    calling user's document roots.
        KeyError: Propagated from pwd.getpwuid() when the real UID has no
                  passwd entry.
    """
    document_root = os.environ.get(DOCUMENT_ROOT_ENV)
    if document_root is None:
        return None

    # The real UID identifies the calling user the value must belong to.
    caller_uid = os.getuid()
    if caller_uid == 0:
        # Root is not checked against any docroot list.
        # NOTE(review): presumably only trusted system callers reach this
        # branch; confirm that no user-controlled environment gets here as root.
        return document_root

    account = pwd.getpwuid(caller_uid).pw_name

    # Collect every docroot registered for the account; the domain half of
    # each pair is not needed for the membership test.
    allowed_roots = set()
    for _domain, docroot in userdomains(account):
        allowed_roots.add(docroot)

    if document_root in allowed_roots:
        return document_root

    raise ValueError(
        f"Document root path {document_root!r} is not found for user"
    )