farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-28 23:01:09 +03:00
Code Issues Packages Projects Releases Wiki Activity

Bugfix/add validation for file path (#5211)

Browse Source 
add validation for file path
This commit is contained in:
Henry Heng
2025-09-15 14:58:53 +01:00
committed by GitHub
parent 89a0f23fe5
commit 6e291cf05d
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/components/nodes/documentloaders/Folder/Folder.ts
+9
View File
@@ -10,6 +10,7 @@ import { DocxLoader } from '@langchain/community/document_loaders/fs/docx'
import { LoadOfSheet } from '../MicrosoftExcel/ExcelLoader' import { LoadOfSheet } from '../MicrosoftExcel/ExcelLoader'
import { PowerpointLoader } from '../MicrosoftPowerpoint/PowerpointLoader' import { PowerpointLoader } from '../MicrosoftPowerpoint/PowerpointLoader'
import { handleEscapeCharacters } from '../../../src/utils' import { handleEscapeCharacters } from '../../../src/utils'
import { isPathTraversal } from '../../../src/validator'
class Folder_DocumentLoaders implements INode { class Folder_DocumentLoaders implements INode {
label: string label: string
@@ -125,6 +126,14 @@ class Folder_DocumentLoaders implements INode {
const _omitMetadataKeys = nodeData.inputs?.omitMetadataKeys as string const _omitMetadataKeys = nodeData.inputs?.omitMetadataKeys as string
const output = nodeData.outputs?.output as string const output = nodeData.outputs?.output as string
if (!folderPath) {
throw new Error('Folder path is required')
}
if (isPathTraversal(folderPath)) {
throw new Error('Invalid folder path: Path traversal detected. Please provide a safe folder path.')
}
let omitMetadataKeys: string[] = [] let omitMetadataKeys: string[] = []
if (_omitMetadataKeys) { if (_omitMetadataKeys) {
omitMetadataKeys = _omitMetadataKeys.split(',').map((key) => key.trim()) omitMetadataKeys = _omitMetadataKeys.split(',').map((key) => key.trim())