From d577405d6a7e6cf4346ee884a9cffa6116cbdb60 Mon Sep 17 00:00:00 2001
From: Saifeddine ALOUI
Date: Tue, 30 Apr 2024 11:33:11 +0200
Subject: [PATCH] Update security.py

---
 lollms/security.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lollms/security.py b/lollms/security.py
index 597bc19..5917c57 100644
--- a/lollms/security.py
+++ b/lollms/security.py
@@ -123,14 +123,15 @@ def sanitize_path(path: str, allow_absolute_path: bool = False, error_text="Abso
     -----
     This function checks for patterns like "....", multiple forward slashes, and command injection attempts like $(whoami).
     It also checks for unauthorized punctuation characters, excluding the dot (.) character.
     """
+    if path is None:
+        return path
+
     if not allow_absolute_path and path.strip().startswith("/"):
         raise HTTPException(status_code=400, detail=exception_text)
 
     # Normalize path to use forward slashes
     path = path.replace('\\', '/')
-    if path is None:
-        return path
 
     # Regular expression to detect patterns like "....", multiple forward slashes, and command injection attempts like $(whoami)
     suspicious_patterns = re.compile(r'(\.\.+)|(/+/)|(\$\(.*\))')
@@ -237,4 +238,4 @@ if __name__=="__main__":
     sanitize_path_from_endpoint("cat/main")
     print("Main passed")
     sanitize_path_from_endpoint(".../user")
-    print("hi")
\ No newline at end of file
+    print("hi")
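Review bot: The new `None` guard at the top of sanitize_path returns `None` silently, so a caller that does not check the result treats a missing path as already sanitized, whereas every other rejected input in this function raises HTTPException(400); for a sanitizer the fail-closed contract is safer, e.g. `if path is None: raise HTTPException(status_code=400, detail=exception_text)`. If pass-through is intentional, the signature `path: str` and the docstring should say so (`path: Optional[str]`, plus a line stating that `None` is returned unchanged and the caller must handle it). The raise also references `exception_text` while the truncated hunk header shows a parameter named `error_text=`; if no `exception_text` is in scope, that line is a NameError on the first rejection, which is worth confirming since the signature is cut off. sanitize_path begins and ends outside this hunk.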