Saifeddine ALOUI 2024-02-25 10:50:33 +01:00
parent a98fa14046
commit b786cfaa83


@ -2,13 +2,13 @@ from fastapi import HTTPException
from ascii_colors import ASCIIColors
from pathlib import Path
def sanitize_path(path:str):
def sanitize_path(path:str, error_text="Absolute database path detected", exception_text="Detected an attempt of path traversal. Are you kidding me?"):
if(".." in path or Path(path).is_absolute()):
ASCIIColors.warning("Absolute database path detected")
raise "Detected an attempt of path traversal. Are you kidding me?"
ASCIIColors.warning()
raise exception_text
def sanitize_path_from_endpoint(path:str):
def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack detected. The path sent to the server has .. in it!", exception_text="Invalid path!"):
if (".." in path or Path(path).is_absolute()):
ASCIIColors.error("A suspected LFI attack detected. The path sent to the server has .. in it!")
raise HTTPException(status_code=400, detail="Invalid path!")
ASCIIColors.error(error_text)
raise HTTPException(status_code=400, detail=exception_text)
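Review bot: In `sanitize_path`, what appear to be the new lines `ASCIIColors.warning()` and `raise exception_text` do not use the added parameters correctly. `error_text` is never passed to the logger, and raising a plain `str` is itself a `TypeError` in Python 3, so a rejected path surfaces as an unrelated error rather than one a caller can catch deliberately. I would change them to `ASCIIColors.warning(error_text)` and `raise ValueError(exception_text)` (or whichever exception type the callers already handle), matching how `sanitize_path_from_endpoint` passes `error_text` and `exception_text` through. Separately, both guards rely on a `".." in path` substring test plus `Path(path).is_absolute()`, whose result depends on the host platform. Resolving the path against the intended base directory and checking it stays inside would be a sturdier check, though the callers and base directory are not visible in this hunk.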