Commit 9ceaf6c

filipchristiansengithub-advanced-security[bot]Copilot

authored

fix: Potential fix for code scanning alert no. 75: Uncontrolled data used in path expression (#421)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

1 parent 74e503f commit 9ceaf6cCopy full SHA for 9ceaf6c

File tree

1 file changed

-1

lines changed

src/server/routers
- ingest.py

1 file changed

-1

lines changed

`‎src/server/routers/ingest.py`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,10 @@ async def download_ingest(ingest_id: str) -> FileResponse:`
`112`	`112`	`- HTTPException: 403 - the process lacks permission to read the directory or file`
`113`	`113`
`114`	`114`	`"""`
`115`		`- directory = TMP_BASE_PATH / ingest_id`
	`115`	`+ # Normalize and validate the directory path`
	`116`	`+ directory = (TMP_BASE_PATH / ingest_id).resolve()`
	`117`	`+ if not str(directory).startswith(str(TMP_BASE_PATH.resolve())):`
	`118`	`+ raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail=f"Invalid ingest ID: {ingest_id!r}")`
`116`	`119`
`117`	`120`	`if not directory.is_dir():`
`118`	`121`	`raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"Digest {ingest_id!r} not found")`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 9ceaf6c

File tree

1 file changed

1 file changed

`‎src/server/routers/ingest.py`

0 commit comments