path traversal bug in api /knowledge_base/download_doc(#4008) (#4009)

close #4008
2026-01-19 13:23:16 +08:00 · 2024-05-14 09:46:19 +08:00 · 2024-05-14 09:46:19 +08:00 · 2c146aff74
commit 2c146aff74
parent 703d0f6aa7
1 changed files with 4 additions and 1 deletions
--- a/server/knowledge_base/utils.py
+++ b/server/knowledge_base/utils.py
@ -42,7 +42,10 @@ def get_vs_path(knowledge_base_name: str, vector_name: str):


 def get_file_path(knowledge_base_name: str, doc_name: str):
-    return os.path.join(get_doc_path(knowledge_base_name), doc_name)
+    doc_path = Path(get_doc_path(knowledge_base_name))
+    file_path = doc_path / doc_name
+    if file_path.is_relative_to(doc_path):
+        return str(file_path)


 def list_kbs_from_folder():