Skip to content

Commit 1378432

Browse files
author
Bhavisha Dawada
committed
security: fix path injection vulnerability in jsonl file path construction
- Add sanitization for workflowId and captureId parameters - Validate against directory traversal patterns (.., path separators) - Use sanitized components in jsonl file path construction - Addresses CodeQL rule py/path-injection for line 108
1 parent b39778b commit 1378432

1 file changed

Lines changed: 12 additions & 1 deletion

File tree

src/backend/endpoints/download_file.py

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -120,7 +120,18 @@ def load_input_image_from_worflow_by_capture_id(workflowId: str, captureId: str,
120120
capture_details = inference_result_accessor.get_inference_result(db, captureId)
121121
if capture_details is None:
122122
logger.info("Getting image from jsonl file")
123-
jsonl_file = f"/aws_dda/inference-results/{workflowId}/{captureId}.jsonl"
123+
# Sanitize path components to prevent directory traversal
124+
safe_workflow_id = os.path.basename(workflowId)
125+
safe_capture_id = os.path.basename(captureId)
126+
if (safe_workflow_id != workflowId or safe_capture_id != captureId or
127+
'..' in workflowId or '..' in captureId or
128+
os.path.sep in safe_workflow_id or os.path.sep in safe_capture_id):
129+
raise HTTPException(
130+
status_code=400,
131+
detail="Invalid workflow or capture ID"
132+
)
133+
134+
jsonl_file = f"/aws_dda/inference-results/{safe_workflow_id}/{safe_capture_id}.jsonl"
124135
try:
125136
with open(jsonl_file, 'r') as f:
126137
json_str = f.read()

0 commit comments

Comments
 (0)