Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: validate path in fs #3152

Merged
merged 9 commits into from
Jul 11, 2024
Merged

fix: validate path in fs #3152

merged 9 commits into from
Jul 11, 2024

Conversation

marknguyen1302
Copy link
Contributor

@marknguyen1302 marknguyen1302 commented Jul 10, 2024
edited
Loading

Describe Your Changes

  • validate path in fs, only allow access to the file in the Jan folder

before the fix

  • invalid path:
    image

after the fix:

  • valid path:
    image
    image
    image

  • invalid path:
    image
    image
    image

Fixes Issues

  • Closes #
  • Closes #

Self Checklist

  • Added relevant comments, esp in complex areas
  • Updated docs (for bug fixes / features)
  • Created issues for follow-up changes or refactoring needed

@github-actions github-actions bot added the type: bug Something isn't working label Jul 10, 2024
@Van-QA
Copy link
Contributor

Van-QA commented Jul 11, 2024
edited
Loading

related to #2872
For the screenshot, can you help me check the appendFil‌‌esyn‌c as w‌ell?

@louis-jan
Copy link
Contributor

related to #2872 Can you help me check the appendFil‌‌esyn‌c as w‌ell?

appendFileSync is a part of FS as well, see 23...44

@louis-jan
Copy link
Contributor

Sneak a commit to fix the issue where symlink models are not visible. There still one vulnerability issue found, processing, don't merge yet.

louis-jan
louis-jan approved these changes Jul 11, 2024
View reviewed changes
Copy link
Contributor

@louis-jan louis-jan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGHF

@Van-QA Van-QA merged commit 1d26976 into dev Jul 11, 2024
7 checks passed
@Van-QA Van-QA deleted the fix/validate-path-in-fs branch July 11, 2024 17:15
@github-actions github-actions bot added this to the v.0.5.3 milestone Jul 11, 2024
namchuai pushed a commit that referenced this pull request Jul 12, 2024
@marknguyen1302 @louis-jan @namchuai
fix: validate path in fs (#3152)
d1ce164 
* fix: validate path in fs

* fix other fs issue

* fix test

* fix test

* fix test

* fix: do not check file exist on model status validation

* chore: bump version

* remove copyFileSync method

---------

Co-authored-by: Louis <louis@jan.ai>
louis-jan added a commit that referenced this pull request Jul 12, 2024
@marknguyen1302 @louis-jan
fix: validate path in fs (#3152)
dddf350 
* fix: validate path in fs

* fix other fs issue

* fix test

* fix test

* fix test

* fix: do not check file exist on model status validation

* chore: bump version

* remove copyFileSync method

---------

Co-authored-by: Louis <louis@jan.ai>
@Van-QA Van-QA mentioned this pull request Jul 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@louis-jan louis-jan louis-jan approved these changes

@namchuai namchuai Awaiting requested review from namchuai

Assignees

@marknguyen1302 marknguyen1302

Labels
type: bug Something isn't working
Projects
None yet
Milestone
v.0.5.3
Development

Successfully merging this pull request may close these issues.
3 participants
@marknguyen1302 @Van-QA @louis-jan