Saifeddine ALOUI 2024-03-15 23:09:22 +01:00
parent 241180246a
commit 70694bdc8f
10 changed files with 313 additions and 250 deletions


@ -146,11 +146,9 @@ async def open_file(file_path: FilePath):
if not show_yes_no_dialog("Validation","Do you validate the opening of a file?"):
return {"status":False,"error":"User refused the opeining file!"}
sanitize_path(path)
try:
# Validate the 'path' parameter
path = file_path.path
path = sanitize_path(file_path.path)
if not validate_file_path(path):
return {"status":False,"error":"Invalid file path"}
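Review bot: The confirmation prompt at the top of this hunk is shown before the path is sanitized and never names the file, so the user approves an open they cannot inspect; the new `path = sanitize_path(file_path.path)` and the `validate_file_path` check would be better placed above `show_yes_no_dialog`, with the cleaned path included in the prompt text. The rendered page has lost the +/- markers, so it is unclear whether the bare `sanitize_path(path)` line before `try:` survives on the new side; if it does, it runs before `path` is bound and discards its result, and should be dropped. How `sanitize_path` signals a rejected path is not visible here, so confirm that a rejection raised inside the `try` is not turned into a generic error by the handler below. open_file continues outside the hunk.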

@ -1 +1 @@
Subproject commit 4c1e7c9b0893098ebfcbec7f7e2819a9d22ac654
Subproject commit 1d16bc48c1a6a803d15b06cdbdf9081a7cef2d08


@ -0,0 +1,3 @@
GET /user_infos//Windows/win.ini HTTP/1.1
Host: 127.0.0.1:9600
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36


@ -0,0 +1,35 @@
import requests
import unittest
class TestUserInfosEndpoint(unittest.TestCase):
def setUp(self):
self.base_url = 'http://127.0.0.1:9600'
def test_user_infos_endpoint(self):
print("Testing user_infos endpoint...")
# Test valid path
print("Testing valid path...")
valid_path = '0dbb0245-7b6b-4834-835d-4d9d460b336c.png'
response = requests.get(f'{self.base_url}/user_infos/{valid_path}')
self.assertEqual(response.status_code, 200)
print(f"Status code: {response.status_code} (expected: 200)\n")
# Test path starting with a double slash
print("Testing path starting with a double slash...")
invalid_path = '//Windows/win.ini'
response = requests.get(f'{self.base_url}/user_infos/{invalid_path}')
print(f"Response content: {response.content}\n")
self.assertEqual(response.status_code, 400)
print(f"Status code: {response.status_code} (expected: 400)\n")
# Test path containing suspicious patterns
print("Testing path containing suspicious patterns...")
suspicious_path = '../../etc/passwd'
response = requests.get(f'{self.base_url}/user_infos/{suspicious_path}')
print(f"Response content: {response.content}\n")
self.assertEqual(response.status_code, 400)
print(f"Status code: {response.status_code} (expected: 400)\n")
if __name__ == '__main__':
unittest.main()
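Review bot: The `'../../etc/passwd'` case may never reach the `/user_infos` handler, because the HTTP client can collapse dot segments while preparing the URL, so the 400 assertion would then be exercising a different route; assert on what was actually sent, e.g. `self.assertIn('..', response.request.path_url)`. All three cases also live in one test method, so the first failing assertion hides the others, and the valid-path case depends on a specific `.png` already existing on a server listening at 127.0.0.1:9600. Splitting into one method per case, passing `timeout=` to each `requests.get`, and creating the fixture file in `setUp` would make this regression test repeatable. A short module docstring stating that a running instance is required would help too.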

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

12
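--- /dev/null
+++ b/web/dist/assets/registry-382fcf02.svg
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Generator: SVG Repo Mixer Tools -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg fill="#000000" version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
+width="800px" height="800px" viewBox="0 0 461.759 461.759"
+xml:space="preserve">
+<g>
+<path d="M0,301.058h147.916v147.919H0V301.058z M194.432,448.977H342.35V301.058H194.432V448.977z M2.802,257.347h147.916V109.434
+H2.802V257.347z M325.476,92.219l-51.603-79.437l-79.441,51.601l51.604,79.437L325.476,92.219z M219.337,213.733l71.045,62.663
+l62.66-71.039l-71.044-62.669L219.337,213.733z M412.107,57.967l-80.668,49.656l49.652,80.666l80.668-49.65L412.107,57.967z"/>
+</g>
+</svg>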


4
web/dist/index.html vendored

@ -6,8 +6,8 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>LoLLMS WebUI - Welcome</title>
<script type="module" crossorigin src="/assets/index-97c65ac7.js"></script>
<link rel="stylesheet" href="/assets/index-d152d392.css">
<script type="module" crossorigin src="/assets/index-0d7b4d08.js"></script>
<link rel="stylesheet" href="/assets/index-87cd6088.css">
</head>
<body>
<div id="app"></div>


@ -106,6 +106,10 @@
class=" w-6 text-blue-400 hover:text-secondary duration-75 active:scale-90">
<img :src="inactive_skills">
</button>
<button v-if="!loading && $store.state.config.activate_skills_lib" type="button" @click.stop="showSkillsLib" title="Skills database is deactivated"
class=" w-6 text-blue-400 hover:text-secondary duration-75 active:scale-90">
<img :src="skillsRegistry">
</button>
<div v-if="loading" title="Loading.." class="flex flex-row flex-grow justify-end">
<!-- SPINNER -->
@ -377,6 +381,7 @@ import SVGGreenBrain from '@/assets/brain_green.svg';
import memory_icon from "../assets/memory_icon.svg"
import active_skills from "../assets/active.svg"
import inactive_skills from "../assets/inactive.svg"
import skillsRegistry from "../assets/registry.svg"
export default {
@ -387,6 +392,7 @@ export default {
memory_icon: memory_icon,
active_skills:active_skills,
inactive_skills:inactive_skills,
skillsRegistry:skillsRegistry,
posts_headers : {
'accept': 'application/json',
'Content-Type': 'application/json'
@ -570,6 +576,15 @@ export default {
await this.applyConfiguration();
socket.emit('upgrade_vectorization');
},
async showSkillsLib(){
let result = await axios.post("/get_skills_lib", {
client_id: this.client_id
}, {headers: this.posts_headers});
if(result.status){
console.log("done")
}
},
async applyConfiguration() {
this.loading = true;
const res = await axios.post('/apply_settings', {"config":this.$store.state.config})
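Review bot: In `showSkillsLib`, `result.status` is the HTTP status code of the axios response, which is truthy for every resolved request, so the `if` never distinguishes success from failure; the application-level flag would be on the body, `if (result.data.status)`, assuming `/get_skills_lib` returns a `status` field like the `open_file` handler in this commit does. A non-2xx reply makes `axios.post` reject, and with no `try`/`catch` here that becomes an unhandled rejection with no feedback to the user. The new button's `title="Skills database is deactivated"` also looks copied from the inactive-state button, although this one is rendered when `activate_skills_lib` is on.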

@ -1 +1 @@
Subproject commit 53e9284bcff7628ea6031b2cbe16e1cd6f87c187
Subproject commit 8c6d579e1a8a8c47212f068e22a1399960595ccb