mirror of
https://github.com/ParisNeo/lollms.git
synced 2024-12-24 14:56:44 +00:00
Update security.py
This commit is contained in:
parent
4918a7d237
commit
0a008b8529
@ -5,6 +5,8 @@ from typing import List
|
||||
import os
|
||||
|
||||
def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute database path detected", exception_text="Detected an attempt of path traversal. Are you kidding me?"):
|
||||
if path is None:
|
||||
return path
|
||||
if(".." in path):
|
||||
ASCIIColors.warning(error_text)
|
||||
raise exception_text
|
||||
@ -14,6 +16,8 @@ def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute
|
||||
return path
|
||||
|
||||
def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack detected. The path sent to the server has .. in it!", exception_text="Invalid path!"):
|
||||
if path is None:
|
||||
return path
|
||||
if (".." in path or Path(path).is_absolute()):
|
||||
ASCIIColors.error(error_text)
|
||||
raise HTTPException(status_code=400, detail=exception_text)
|
||||
|
Loading…
Reference in New Issue
Block a user