ExternalVendorCode/lollms
1
0
Fork 0
mirror of https://github.com/ParisNeo/lollms.git synced 2024-12-18 20:27:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed vulenerability in wipe_database endpoint

Browse Source
This commit is contained in:
Saifeddine ALOUI 2024-10-07 21:43:44 +02:00
parent 5f0b0341be
commit 7433f80d2c
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lollms/server/endpoints/lollms_rag.py
View File

@ -136,6 +136,7 @@ async def search(query: RAGQuery):
@router.delete("/wipe_database", response_model=DocumentResponse) @router.delete("/wipe_database", response_model=DocumentResponse)
async def wipe_database(key: str): async def wipe_database(key: str):
await validate_key(key) await validate_key(key)
key = sanitize_path(key)
user_folder = lollmsElfServer.lollms_paths / str(key) user_folder = lollmsElfServer.lollms_paths / str(key)
shutil.rmtree(user_folder, ignore_errors=True) shutil.rmtree(user_folder, ignore_errors=True)
return DocumentResponse(success=True, message="Database wiped successfully.") return DocumentResponse(success=True, message="Database wiped successfully.")