Hugging Face's logo

Spaces:
rm-lht
/
lightrag
Configuration error

App Files
xet
Community
gzdaniel commited on
Commit
bebc00f
·
1 Parent(s): 24a4a64

Fix linting

Browse files
Files changed (1) hide show
  1. lightrag/api/routers/document_routes.py +17 -15
lightrag/api/routers/document_routes.py CHANGED
@@ -65,35 +65,37 @@ temp_prefix = "__tmp__"
65
  def sanitize_filename(filename: str, input_dir: Path) -> str:
66
  """
67
  Sanitize uploaded filename to prevent Path Traversal attacks.
68
-
69
  Args:
70
  filename: The original filename from the upload
71
  input_dir: The target input directory
72
-
73
  Returns:
74
  str: Sanitized filename that is safe to use
75
-
76
  Raises:
77
  HTTPException: If the filename is unsafe or invalid
78
  """
79
  # Basic validation
80
  if not filename or not filename.strip():
81
  raise HTTPException(status_code=400, detail="Filename cannot be empty")
82
-
83
  # Remove path separators and traversal sequences
84
- clean_name = filename.replace('/', '').replace('\\', '')
85
- clean_name = clean_name.replace('..', '')
86
-
87
  # Remove control characters and null bytes
88
- clean_name = ''.join(c for c in clean_name if ord(c) >= 32 and c != '\x7f')
89
-
90
  # Remove leading/trailing whitespace and dots
91
- clean_name = clean_name.strip().strip('.')
92
-
93
  # Check if anything is left after sanitization
94
  if not clean_name:
95
- raise HTTPException(status_code=400, detail="Invalid filename after sanitization")
96
-
 
 
97
  # Verify the final path stays within the input directory
98
  try:
99
  final_path = (input_dir / clean_name).resolve()
@@ -101,7 +103,7 @@ def sanitize_filename(filename: str, input_dir: Path) -> str:
101
  raise HTTPException(status_code=400, detail="Unsafe filename detected")
102
  except (OSError, ValueError):
103
  raise HTTPException(status_code=400, detail="Invalid filename")
104
-
105
  return clean_name
106
 
107
 
@@ -1031,7 +1033,7 @@ def create_document_routes(
1031
  try:
1032
  # Sanitize filename to prevent Path Traversal attacks
1033
  safe_filename = sanitize_filename(file.filename, doc_manager.input_dir)
1034
-
1035
  if not doc_manager.is_supported_file(safe_filename):
1036
  raise HTTPException(
1037
  status_code=400,
 
65
  def sanitize_filename(filename: str, input_dir: Path) -> str:
66
  """
67
  Sanitize uploaded filename to prevent Path Traversal attacks.
68
+
69
  Args:
70
  filename: The original filename from the upload
71
  input_dir: The target input directory
72
+
73
  Returns:
74
  str: Sanitized filename that is safe to use
75
+
76
  Raises:
77
  HTTPException: If the filename is unsafe or invalid
78
  """
79
  # Basic validation
80
  if not filename or not filename.strip():
81
  raise HTTPException(status_code=400, detail="Filename cannot be empty")
82
+
83
  # Remove path separators and traversal sequences
84
+ clean_name = filename.replace("/", "").replace("\\", "")
85
+ clean_name = clean_name.replace("..", "")
86
+
87
  # Remove control characters and null bytes
88
+ clean_name = "".join(c for c in clean_name if ord(c) >= 32 and c != "\x7f")
89
+
90
  # Remove leading/trailing whitespace and dots
91
+ clean_name = clean_name.strip().strip(".")
92
+
93
  # Check if anything is left after sanitization
94
  if not clean_name:
95
+ raise HTTPException(
96
+ status_code=400, detail="Invalid filename after sanitization"
97
+ )
98
+
99
  # Verify the final path stays within the input directory
100
  try:
101
  final_path = (input_dir / clean_name).resolve()
 
103
  raise HTTPException(status_code=400, detail="Unsafe filename detected")
104
  except (OSError, ValueError):
105
  raise HTTPException(status_code=400, detail="Invalid filename")
106
+
107
  return clean_name
108
 
109
 
 
1033
  try:
1034
  # Sanitize filename to prevent Path Traversal attacks
1035
  safe_filename = sanitize_filename(file.filename, doc_manager.input_dir)
1036
+
1037
  if not doc_manager.is_supported_file(safe_filename):
1038
  raise HTTPException(
1039
  status_code=400,