Merge pull request 'main' (#7) from CIzz22/rbd-app:main into main

Reviewed-on: DigitalTwin/rbd-app#7
main
CIzz22 3 weeks ago
commit 5bba9e9abb

@ -18,7 +18,7 @@ from .service import import_aro_project, fetch_aro_record, reset_project, create
router = APIRouter() router = APIRouter()
@router.post("", response_model=StandardResponse[None]) @router.post("", response_model=StandardResponse[str])
async def import_aro( async def import_aro(
db_session: DbSession, db_session: DbSession,
current_user: CurrentUser, current_user: CurrentUser,
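Review bot: The route now declares `response_model=StandardResponse[str]` but nothing says what string `data` carries; from the service hunk it appears to be the sanitized filename that `import_aro_project` returns, which a caller of the endpoint has no way to know. Add a docstring to `import_aro`, e.g. `"""Import an uploaded AROS project; `data` in the response is the sanitized filename returned by the service."""`. If any path in `import_aro_project` can still return `None`, response validation against `str` would fail at request time rather than at import time, so that contract is worth confirming. The same point applies to the hunk at `@ -38,7` where `"data": result` is returned; `import_aro`'s body continues outside both hunks.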
@ -38,7 +38,7 @@ async def import_aro(
result = await import_aro_project(db_session=db_session, aeros_project_in=aeros_project_input) result = await import_aro_project(db_session=db_session, aeros_project_in=aeros_project_input)
return {"data": None, "status": "success", "message": "Success"} return {"data": result, "status": "success", "message": "Success"}
@router.get("/download") @router.get("/download")

@ -41,7 +41,7 @@ async def import_aro_project(*, db_session: DbSession, aeros_project_in: AerosPr
status_code=400, status_code=400,
detail=f"Invalid filename: {str(e)}" detail=f"Invalid filename: {str(e)}"
) )
# Check if mime type is application/octet-stream # Check if mime type is application/octet-stream
if file.content_type != "application/octet-stream": if file.content_type != "application/octet-stream":
raise HTTPException( raise HTTPException(
@ -65,6 +65,7 @@ async def import_aro_project(*, db_session: DbSession, aeros_project_in: AerosPr
print("read file") print("read file")
# Read and check file size # Read and check file size
content = await file.read() content = await file.read()
if len(content) > MAX_FILE_SIZE: if len(content) > MAX_FILE_SIZE:
@ -98,6 +99,8 @@ async def import_aro_project(*, db_session: DbSession, aeros_project_in: AerosPr
) )
return clean_filename
# Project name hardcode # Project name hardcode
# project_name = "trialapi" # project_name = "trialapi"
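Review bot: The new `return clean_filename` is placed before the commented-out `# Project name hardcode` lines, and `import_aro_project`'s body continues outside the hunk, so any statements that follow it in the function become unreachable; if this is the intended end of the function, the dead hardcode comments should be removed with it, and if it is not, the return belongs at the real end. The value is presumably the sanitized filename (the name suggests it, but its origin is not visible here), and the signature in the hunk header carries no return annotation, so add `-> str` to `async def import_aro_project(...)` to match the `StandardResponse[str]` the router now exposes.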

@ -164,7 +164,10 @@ def sanitize_filename(filename: str) -> str:
# Remove consecutive dots to prevent directory traversal attempts like '..' # Remove consecutive dots to prevent directory traversal attempts like '..'
filename = re.sub(r'\.{2,}', '.', filename) filename = re.sub(r'\.{2,}', '.', filename)
# remove potential $(
filename = re.sub(r'\$\([\s\S]*?\)', '', filename)
# Ensure filename is not practically empty after sanitization # Ensure filename is not practically empty after sanitization
if not filename.strip() or filename.strip().replace('.', '') == '': if not filename.strip() or filename.strip().replace('.', '') == '':
raise ValueError("Filename invalid after sanitization") raise ValueError("Filename invalid after sanitization")
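Review bot: The new `$(…)` removal runs after the consecutive-dot collapse, so stripping a match can reintroduce exactly the sequence that step removed: `a.$(x).b` becomes `a..b`. Move the removal ahead of the dot step (or repeat the collapse afterwards), i.e. `filename = re.sub(r'\$\([\s\S]*?\)', '', filename)` followed by `filename = re.sub(r'\.{2,}', '.', filename)`. The pattern also only matches when a closing `)` is present, so an unbalanced `$(` passes through untouched; a denylist of individual constructs is fragile here, and restricting the result to an explicit allowlist such as `filename = re.sub(r'[^A-Za-z0-9._-]', '_', filename)` covers this class of input without enumerating it. `sanitize_filename` starts outside the hunk, so an earlier allowlist step may already exist and should be checked before adding one; the comment `# remove potential $(` should then state what is actually stripped, e.g. `# Strip $(...) command-substitution syntax`.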
