Saifeddine ALOUI 2024-02-25 10:50:33 +01:00
parent a98fa14046
commit b786cfaa83


@ -2,13 +2,13 @@ from fastapi import HTTPException
from ascii_colors import ASCIIColors from ascii_colors import ASCIIColors
from pathlib import Path from pathlib import Path
def sanitize_path(path:str): def sanitize_path(path:str, error_text="Absolute database path detected", exception_text="Detected an attempt of path traversal. Are you kidding me?"):
if(".." in path or Path(path).is_absolute()): if(".." in path or Path(path).is_absolute()):
ASCIIColors.warning("Absolute database path detected") ASCIIColors.warning()
raise "Detected an attempt of path traversal. Are you kidding me?" raise exception_text
def sanitize_path_from_endpoint(path:str): def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack detected. The path sent to the server has .. in it!", exception_text="Invalid path!"):
if (".." in path or Path(path).is_absolute()): if (".." in path or Path(path).is_absolute()):
ASCIIColors.error("A suspected LFI attack detected. The path sent to the server has .. in it!") ASCIIColors.error(error_text)
raise HTTPException(status_code=400, detail="Invalid path!") raise HTTPException(status_code=400, detail=exception_text)
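Review bot: In `sanitize_path` the new `error_text` parameter is never used, because the rewritten call is `ASCIIColors.warning()` with no argument. Depending on that method's signature, this either fails or logs nothing when a traversal attempt is rejected; it should be `ASCIIColors.warning(error_text)`, as the sibling `sanitize_path_from_endpoint` does with `ASCIIColors.error(error_text)`. The same function still ends with `raise exception_text`, which raises a plain `str`. On Python 3 that produces `TypeError: exceptions must derive from BaseException`, so the path is still rejected but the caller never sees the intended message and cannot catch a meaningful exception type. Something like `raise ValueError(exception_text)` would fix this, with the exception class chosen to match whatever the callers already catch. Both functions would also benefit from a short docstring stating that they reject any path containing `..` and any absolute path, and that `exception_text` is returned to the HTTP client in the endpoint variant, so it should stay generic.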