update pympta.py to only receive from models folder

2025-08-08 23:22:04 +07:00 · 2025-08-08 23:22:04 +07:00 · e471ab03e9
commit e471ab03e9
parent 3d0aaab8b3
1 changed files with 15 additions and 0 deletions
--- a/siwatsystem/pympta.py
+++ b/siwatsystem/pympta.py
@ -54,6 +54,21 @@ def load_pipeline_node(node_config: dict, mpta_dir: str) -> dict:
    return node

 def load_pipeline_from_zip(zip_source: str, target_dir: str) -> dict:
+    # Restrict to models directory for security
+    if not zip_source.startswith('models/'):
+        zip_source = os.path.join('models', zip_source)
+    
+    # Validate the path is within models directory (prevent path traversal)
+    try:
+        abs_zip_path = os.path.abspath(zip_source)
+        abs_models_path = os.path.abspath('models')
+        if not abs_zip_path.startswith(abs_models_path):
+            logger.error(f"Security violation: {zip_source} is outside models directory")
+            return None
+    except Exception as e:
+        logger.error(f"Error validating path {zip_source}: {str(e)}")
+        return None
+    
    logger.info(f"Attempting to load pipeline from {zip_source} to {target_dir}")
    os.makedirs(target_dir, exist_ok=True)
    zip_path = os.path.join(target_dir, "pipeline.mpta")