fixed vulnerability

Saifeddine ALOUI 2024-03-10 01:07:10 +01:00
parent 85ed53a2b2
commit 1138a7a42b
2 changed files with 4 additions and 2 deletions


@ -25,8 +25,7 @@ def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack det
def forbid_remote_access(lollmsElfServer):
if lollmsElfServer.config.host!="localhost" and lollmsElfServer.config.host!="127.0.0.1":
return {"status":False,"error":"Code execution is blocked when the server is exposed outside for very obvious reasons!"}
raise Exception("This functionality is forbidden if the server is exposed")
def validate_path(path, allowed_paths:List[str|Path]):
# Convert the path to an absolute path
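Review bot: The new `raise Exception(...)` in `forbid_remote_access` uses the base exception type, so a caller cannot tell this deliberate refusal from an unexpected failure, and an endpoint would most likely surface it as a generic server error. A narrower type such as `raise PermissionError("This functionality is forbidden if the server is exposed")` keeps any existing `except Exception` handler working while letting endpoints map it to a forbidden response. The guard also compares only the configured `config.host` string, so it says nothing about where a request actually originates. A comment such as `# Checks the configured bind host only; a local reverse proxy or tunnel can still expose these endpoints` would record that limit. The function has no docstring; one stating that it raises when the server is not bound to loopback, and that callers must not rely on a return value, would prevent the old dict-return pattern from coming back.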


@ -35,6 +35,9 @@ def add_events(sio:socketio):
@sio.on('install_model')
def install_model(sid, data):
client_id = sid
sanitize_path(data["type"])
sanitize_path(data["path"])
sanitize_path(data["variant_name"])
tpe = threading.Thread(target=lollmsElfServer.binding.install_model, args=(data["type"], data["path"], data["variant_name"], client_id))
tpe.start()
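Review bot: The three `sanitize_path(...)` calls added to `install_model` discard their return values, so the worker thread still receives the raw `data[...]` strings. The check therefore only protects anything if `sanitize_path` raises on bad input, which is not visible in this hunk. If it returns a cleaned value instead, bind the results and pass those, e.g. `model_path = sanitize_path(data["path"])` with `model_path` used in `args=`. The direct `data["type"]` / `data["path"]` / `data["variant_name"]` indexing runs on a client-supplied payload, so a missing or non-string field fails inside the handler before the thread starts; an explicit check with a clear error would make that rejection intentional. `install_model` is nested in `add_events`, which starts outside the hunk.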