Unverified Commit 18798c5b authored by Timothy Carambat's avatar Timothy Carambat Committed by GitHub

prevent deletion of documents not in hotdir via director traversal (#258)

resolves #257
parent d5b1f84a
import os
from flask import Flask, json, request from flask import Flask, json, request
from scripts.watch.process_single import process_single from scripts.watch.process_single import process_single
from scripts.watch.filetypes import ACCEPTED_MIMES from scripts.watch.filetypes import ACCEPTED_MIMES
...@@ -7,7 +8,7 @@ WATCH_DIRECTORY = "hotdir" ...@@ -7,7 +8,7 @@ WATCH_DIRECTORY = "hotdir"
@api.route('/process', methods=['POST']) @api.route('/process', methods=['POST'])
def process_file(): def process_file():
content = request.json content = request.json
target_filename = content.get('filename') target_filename = os.path.normpath(content.get('filename')).lstrip(os.pardir + os.sep)
print(f"Processing {target_filename}") print(f"Processing {target_filename}")
success, reason = process_single(WATCH_DIRECTORY, target_filename) success, reason = process_single(WATCH_DIRECTORY, target_filename)
return json.dumps({'filename': target_filename, 'success': success, 'reason': reason}) return json.dumps({'filename': target_filename, 'success': success, 'reason': reason})
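Review bot: `lstrip(os.pardir + os.sep)` on the new `target_filename` line strips any leading run of the characters `.` and the separator rather than the `../` prefix, so it also rewrites legitimate names that start with a dot and does not by itself establish that the result stays under `WATCH_DIRECTORY`. A containment check on the resolved path is the more reliable guard: `root = os.path.realpath(WATCH_DIRECTORY)`, `full = os.path.realpath(os.path.join(root, name))`, then fail the request unless `os.path.commonpath([root, full]) == root`. `content.get('filename')` can also be `None` when the key is missing, and `os.path.normpath(None)` raises `TypeError`, so a missing or empty filename should return a failure response before normalising. How `process_single` joins the name to the directory is outside this hunk, so the check may belong there instead.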