Text file encoding issue #1126
Merged
Text file encoding issue #1126
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| def detect_encoding(file_path): | ||
| """Detects the file encoding to avoid UnicodeDecodeError.""" | ||
| with open(file_path, 'rb') as f: |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, we need to validate the file_path to ensure it does not lead to unauthorized file access. We can achieve this by normalizing the path and ensuring it is contained within a predefined safe directory. This involves the following steps:
- Define a safe root directory.
- Normalize the
file_pathusingos.path.normpath. - Check that the normalized path starts with the safe root directory.
Suggested changeset
1
backend/src/document_sources/local_file.py
| @@ -7,4 +7,14 @@ | ||
|
|
||
| SAFE_ROOT_DIR = "/path/to/safe/root" # Define the safe root directory | ||
|
|
||
| def validate_file_path(file_path): | ||
| """Validates that the file path is within the safe root directory.""" | ||
| normalized_path = os.path.normpath(file_path) | ||
| if not normalized_path.startswith(SAFE_ROOT_DIR): | ||
| raise Exception("Access to the specified file path is not allowed.") | ||
| return normalized_path | ||
|
|
||
| def detect_encoding(file_path): | ||
| """Detects the file encoding to avoid UnicodeDecodeError.""" | ||
| file_path = validate_file_path(file_path) | ||
| with open(file_path, 'rb') as f: | ||
| @@ -15,2 +25,3 @@ | ||
| def load_document_content(file_path): | ||
| file_path = validate_file_path(file_path) | ||
| file_extension = Path(file_path).suffix.lower() | ||
| @@ -37,2 +48,3 @@ | ||
| def get_documents_from_file_by_path(file_path,file_name): | ||
| file_path = validate_file_path(file_path) | ||
| file_path = Path(file_path) |
Copilot is powered by AI and may make mistakes. Always verify output.
| loader = UnstructuredFileLoader(file_path, mode="elements",autodetect_encoding=True) | ||
| return loader,encoding_flag | ||
| else: | ||
| with open(file_path, encoding=encoding, errors="replace") as f: |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, we need to validate and sanitize the file_name parameter before using it to construct file paths. We can use the os.path.normpath function to normalize the path and ensure it does not contain any path traversal characters. Additionally, we should check that the resulting path is within a designated safe directory.
- Normalize the
file_nameusingos.path.normpath. - Ensure the normalized path is within a safe root directory.
- Update the
get_documents_from_file_by_pathfunction to include these checks.
Suggested changeset
1
backend/src/document_sources/local_file.py
| @@ -2,2 +2,3 @@ | ||
| from pathlib import Path | ||
| import os | ||
| from langchain_community.document_loaders import PyMuPDFLoader | ||
| @@ -36,4 +37,7 @@ | ||
|
|
||
| def get_documents_from_file_by_path(file_path,file_name): | ||
| file_path = Path(file_path) | ||
| def get_documents_from_file_by_path(file_path, file_name): | ||
| base_path = Path("/safe/root/directory") # Define your safe root directory here | ||
| file_path = base_path / Path(os.path.normpath(file_path)) | ||
| if not str(file_path).startswith(str(base_path)): | ||
| raise Exception(f'Access to the file {file_name} is not allowed') | ||
| if file_path.exists(): | ||
| @@ -42,3 +46,3 @@ | ||
| try: | ||
| loader,encoding_flag = load_document_content(file_path) | ||
| loader, encoding_flag = load_document_content(file_path) | ||
| if file_extension == ".pdf": | ||
| @@ -50,6 +54,6 @@ | ||
| unstructured_pages = loader.load() | ||
| pages= get_pages_with_page_numbers(unstructured_pages) | ||
| pages = get_pages_with_page_numbers(unstructured_pages) | ||
| else: | ||
| unstructured_pages = loader.load() | ||
| pages= get_pages_with_page_numbers(unstructured_pages) | ||
| pages = get_pages_with_page_numbers(unstructured_pages) | ||
| except Exception as e: | ||
| @@ -59,3 +63,3 @@ | ||
| raise Exception(f'File {file_name} does not exist') | ||
| return file_name, pages , file_extension | ||
| return file_name, pages, file_extension | ||
|
|
Copilot is powered by AI and may make mistakes. Always verify output.
karanchellani
approved these changes
Feb 25, 2025
kaustubh-darekar
added a commit
that referenced
this pull request
Feb 26, 2025
This reverts commit 3a222cc.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolved
UnicodeDecodeError: 'gb2312' codec can't decode byte 0xe1 in position 214845: illegal multibyte sequence
For some of the text files