more sanitization

Saifeddine ALOUI 2024-02-17 03:06:56 +01:00
parent 7128493d95
commit 836aca370a


@ -7,7 +7,7 @@ description:
application. These routes are specific to bindings
"""
from fastapi import APIRouter, Request
from fastapi import APIRouter, Request, HTTPException
from pydantic import BaseModel, Field
import pkg_resources
from lollms.server.elf_server import LOLLMSElfServer
@ -125,6 +125,11 @@ def install_binding(data:BindingInstallParams):
Returns:
dict: Status of operation.
"""
if ".." in data.name:
ASCIIColors.error("A potential path traversal attack detected. The name of the binding sent to the server has .. in it!")
raise HTTPException(status_code=400, detail="Invalid path!")
ASCIIColors.info(f"- Reinstalling binding {data.name}...")
try:
lollmsElfServer.info("Unmounting binding and model")
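Review bot: The new guard at the top of `install_binding` rejects only names containing `..`, which is a denylist: an absolute path, or a name containing `/` or `\`, passes it unchanged. How `data.name` becomes a filesystem path lies outside this hunk, so whether those forms reach a path join is an inference, but an allowlist settles it either way, for example `if not re.fullmatch(r"[A-Za-z0-9_-]+", data.name): raise HTTPException(status_code=400, detail="Invalid binding name")` (needs `import re`; adjust the character set to the names bindings actually use). If other handlers in this file accept a binding name, the check belongs in one shared helper so that no route is missed. The function body continues past the end of the hunk.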