ExternalVendorCode/lollms
1
0
Fork 0
mirror of https://github.com/ParisNeo/lollms.git synced 2025-01-21 12:05:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update security.py

Browse Source
This commit is contained in:
Saifeddine ALOUI 2024-04-30 11:33:11 +02:00 committed by GitHub
parent f8720878dd
commit d577405d6a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lollms/security.py
View File

@ -123,14 +123,15 @@ def sanitize_path(path: str, allow_absolute_path: bool = False, error_text="Abso
----- -----
This function checks for patterns like "....", multiple forward slashes, and command injection attempts like $(whoami). It also checks for unauthorized punctuation characters, excluding the dot (.) character. This function checks for patterns like "....", multiple forward slashes, and command injection attempts like $(whoami). It also checks for unauthorized punctuation characters, excluding the dot (.) character.
""" """
if path is None:
return path
if not allow_absolute_path and path.strip().startswith("/"): if not allow_absolute_path and path.strip().startswith("/"):
raise HTTPException(status_code=400, detail=exception_text) raise HTTPException(status_code=400, detail=exception_text)
# Normalize path to use forward slashes # Normalize path to use forward slashes
path = path.replace('\\', '/') path = path.replace('\\', '/')
if path is None:
return path
# Regular expression to detect patterns like "....", multiple forward slashes, and command injection attempts like $(whoami) # Regular expression to detect patterns like "....", multiple forward slashes, and command injection attempts like $(whoami)
suspicious_patterns = re.compile(r'(\.\.+)|(/+/)|(\$\(.*\))') suspicious_patterns = re.compile(r'(\.\.+)|(/+/)|(\$\(.*\))')