From bbabf14fd9a9cef3ba77e5ed1b32cd8cdbdb6f6a Mon Sep 17 00:00:00 2001
From: Saifeddine ALOUI
Date: Wed, 1 May 2024 22:17:03 +0200
Subject: [PATCH] fixing 1d218c74-3f80-476d-bdbe-8ccb65374405
---
 lollms/security.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/lollms/security.py b/lollms/security.py
index 8098fcb..10a932c 100644
--- a/lollms/security.py
+++ b/lollms/security.py
@@ -125,13 +125,12 @@ def sanitize_path(path: str, allow_absolute_path: bool = False, error_text="Abso
 """
 if path is None:
 return path
-
- if not allow_absolute_path and path.strip().startswith("/"):
- raise HTTPException(status_code=400, detail=exception_text)
 # Normalize path to use forward slashes
 path = path.replace('\\', '/')
+ if not allow_absolute_path and path.strip().startswith("/"):
+ raise HTTPException(status_code=400, detail=exception_text)
 # Regular expression to detect patterns like "....", multiple forward slashes, and command injection attempts like $(whoami)
 suspicious_patterns = re.compile(r'(\.\.+)|(/+/)|(\$\(.*\))')
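Review bot: The relocated guard in sanitize_path still recognises an absolute path only by a leading `/`, so once backslashes are normalised a drive-qualified Windows path (constructed example: `C:/dir/file`) passes it even when `allow_absolute_path` is False. Consider `if not allow_absolute_path and (path.strip().startswith("/") or PureWindowsPath(path.strip()).is_absolute()):`, which needs `from pathlib import PureWindowsPath` at the top of the file. The function body continues past the end of the hunk, so a later check may already reject such input on some hosts; that cannot be confirmed from the visible lines. A regression test covering backslash-rooted, drive-letter and UNC-style inputs would pin the intended behaviour of this guard.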