ExternalVendorCode/lollms
1
0
Fork 0
mirror of https://github.com/ParisNeo/lollms.git synced 2025-04-11 20:59:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed vulenerability

Browse Source
This commit is contained in:
Saifeddine ALOUI 2024-04-04 18:20:13 +02:00
parent 5f406b9bbd
commit f4424cfc3d
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lollms/security.py
View File

@ -40,6 +40,9 @@ def sanitize_code(code):
return sanitized_code
def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute database path detected", exception_text="Detected an attempt of path traversal. Are you kidding me?"):
if not allow_absolute_path and path.strip().startswith("/"):
raise HTTPException(status_code=400, detail=exception_text)
if path is None:
return path
@ -56,6 +59,8 @@ def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute
return path
def sanitize_path_from_endpoint(path: str, error_text="A suspected LFI attack detected. The path sent to the server has suspicious elements in it!", exception_text="Invalid path!"):
if path.strip().startswith("/"):
raise HTTPException(status_code=400, detail=exception_text)
# Fix the case of "/" at the beginning on the path
if path is None:
return path