Update security.py

This commit is contained in:
Saifeddine ALOUI 2024-03-08 11:14:41 +01:00 committed by GitHub
parent 4918a7d237
commit 0a008b8529
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -5,6 +5,8 @@ from typing import List
import os
def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute database path detected", exception_text="Detected an attempt of path traversal. Are you kidding me?"):
if path is None:
return path
if(".." in path):
ASCIIColors.warning(error_text)
raise exception_text
@ -14,6 +16,8 @@ def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute
return path
def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack detected. The path sent to the server has .. in it!", exception_text="Invalid path!"):
if path is None:
return path
if (".." in path or Path(path).is_absolute()):
ASCIIColors.error(error_text)
raise HTTPException(status_code=400, detail=exception_text)