mirror of
https://github.com/ParisNeo/lollms.git
synced 2024-12-25 15:21:07 +00:00
Update security.py
This commit is contained in:
parent
4918a7d237
commit
0a008b8529
@ -5,6 +5,8 @@ from typing import List
|
|||||||
import os
|
import os
|
||||||
|
|
||||||
def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute database path detected", exception_text="Detected an attempt of path traversal. Are you kidding me?"):
|
def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute database path detected", exception_text="Detected an attempt of path traversal. Are you kidding me?"):
|
||||||
|
if path is None:
|
||||||
|
return path
|
||||||
if(".." in path):
|
if(".." in path):
|
||||||
ASCIIColors.warning(error_text)
|
ASCIIColors.warning(error_text)
|
||||||
raise exception_text
|
raise exception_text
|
||||||
@ -14,6 +16,8 @@ def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute
|
|||||||
return path
|
return path
|
||||||
|
|
||||||
def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack detected. The path sent to the server has .. in it!", exception_text="Invalid path!"):
|
def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack detected. The path sent to the server has .. in it!", exception_text="Invalid path!"):
|
||||||
|
if path is None:
|
||||||
|
return path
|
||||||
if (".." in path or Path(path).is_absolute()):
|
if (".." in path or Path(path).is_absolute()):
|
||||||
ASCIIColors.error(error_text)
|
ASCIIColors.error(error_text)
|
||||||
raise HTTPException(status_code=400, detail=exception_text)
|
raise HTTPException(status_code=400, detail=exception_text)
|
||||||
|
Loading…
Reference in New Issue
Block a user