Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Safer writeFile #193

Closed
pixelass opened this issue Apr 9, 2024 · 1 comment · Fixed by #209
Closed

Safer writeFile #193

pixelass opened this issue Apr 9, 2024 · 1 comment · Fixed by #209
Labels
enhancement New feature or request released on @alpha

Comments

@pixelass
Copy link
Member

pixelass commented Apr 9, 2024

I want the writeFile function to be safely guarded.

currently it is possible to define paths with upward navigation e.g. "../../../../somehere"

This should ge guarded by removing potential navigation
@pixelass pixelass added the enhancement New feature or request label Apr 9, 2024
pixelass added a commit that referenced this issue Apr 17, 2024
@pixelass
feat: safe write/copy file
64bcfcf 
prevents traversing beyond the path root

closes #193
@pixelass pixelass mentioned this issue Apr 17, 2024
Merged
pixelass added a commit that referenced this issue Apr 18, 2024
@pixelass
feat: safe write/copy file (#209)
9bf22a1 
## Motivation

prevents traversing beyond the path root

## Issues closed

closes #193
TimPietrusky pushed a commit that referenced this issue Apr 18, 2024
@semantic-release-bot
chore(release): 1.0.0-alpha.46
9986e98 
# [1.0.0-alpha.46](v1.0.0-alpha.45...v1.0.0-alpha.46) (2024-04-18)

### Features

* safe write/copy file ([#209](#209)) ([9bf22a1](9bf22a1)), closes [#193](#193)
@TimPietrusky
Copy link
Member

🎉 This issue has been resolved in version 1.0.0-alpha.46 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

TimPietrusky pushed a commit to blib-la/captain-test that referenced this issue Apr 26, 2024
@semantic-release-bot
chore(release): 1.0.0-alpha.1
76cf72b 
# 1.0.0-alpha.1 (2024-04-26)

### Bug Fixes

* add all resources ([e75b3cd](e75b3cd))
* added "main" again ([f43adf4](f43adf4))
* app should only have one instance ([blib-la#99](https://github.com/blib-la/captain-test/issues/99)) ([c7e9d11](c7e9d11))
* clean files causes app to crash ([blib-la#203](https://github.com/blib-la/captain-test/issues/203)) ([d1cb64a](d1cb64a))
* downloads not possible ([blib-la#38](https://github.com/blib-la/captain-test/issues/38)) ([9f0dc48](9f0dc48))
* ensure better compat to old vs new api ([blib-la#197](https://github.com/blib-la/captain-test/issues/197)) ([5f15b06](5f15b06))
* gpt progress logic is broken ([blib-la#29](https://github.com/blib-la/captain-test/issues/29)) ([8bb04a5](8bb04a5))
* icon color triggered by wrong button ([d3e069a](d3e069a))
* image data is undefined ([blib-la#28](https://github.com/blib-la/captain-test/issues/28)) ([b5d3ee4](b5d3ee4))
* inital load has unlocalized UI ([blib-la#17](https://github.com/blib-la/captain-test/issues/17)) ([060df23](060df23))
* label on installation success is wrong ([blib-la#98](https://github.com/blib-la/captain-test/issues/98)) ([54f711f](54f711f))
* **live-painting:** generate input image when nothing exists yet ([blib-la#90](https://github.com/blib-la/captain-test/issues/90)) ([89c9db3](89c9db3))
* lottie views are broken ([1ba6fd7](1ba6fd7))
* no hardcoded models ([blib-la#210](https://github.com/blib-la/captain-test/issues/210)) ([cf9a5f5](cf9a5f5)), closes [blib-la#205](https://github.com/blib-la/captain-test/issues/205)
* path to taesd ([blib-la#89](https://github.com/blib-la/captain-test/issues/89)) ([e25734c](e25734c))
* popups logic ([d7e902b](d7e902b))
* progress count on gpt is wrong ([blib-la#27](https://github.com/blib-la/captain-test/issues/27)) ([25bacbc](25bacbc)), closes [blib-la#26](https://github.com/blib-la/captain-test/issues/26)
* remove branch that doesn't exist ([0475917](0475917))
* settings icon in light mode low contrast ([c967010](c967010))
* text to image returns a captain image ([blib-la#191](https://github.com/blib-la/captain-test/issues/191)) ([a564d76](a564d76))
* tooltip on projects was overlaying ([c63f308](c63f308))
* use correct path to downloaded checkpoint ([blib-la#88](https://github.com/blib-la/captain-test/issues/88)) ([1071844](1071844))

### Features

* a generated story can be closed ([blib-la#92](https://github.com/blib-la/captain-test/issues/92)) ([902be83](902be83))
* add basic live painting UI ([blib-la#58](https://github.com/blib-la/captain-test/issues/58)) ([e1b2460](e1b2460))
* add basic marketplace logic ([blib-la#20](https://github.com/blib-la/captain-test/issues/20)) ([727d5a7](727d5a7))
* add context menu ([blib-la#41](https://github.com/blib-la/captain-test/issues/41)) ([bb030dd](bb030dd))
* add download notice for essential models ([blib-la#84](https://github.com/blib-la/captain-test/issues/84)) ([f48a629](f48a629))
* add explorer app ([blib-la#184](https://github.com/blib-la/captain-test/issues/184)) ([3ec60ee](3ec60ee)), closes [blib-la#119](https://github.com/blib-la/captain-test/issues/119) [blib-la#120](https://github.com/blib-la/captain-test/issues/120)
* add math prompt ([blib-la#72](https://github.com/blib-la/captain-test/issues/72)) ([12a79eb](12a79eb))
* add preview app ([blib-la#198](https://github.com/blib-la/captain-test/issues/198)) ([f6b1132](f6b1132)), closes [blib-la#118](https://github.com/blib-la/captain-test/issues/118)
* add prompt and seed ([blib-la#63](https://github.com/blib-la/captain-test/issues/63)) ([a0df807](a0df807))
* add story app ([blib-la#75](https://github.com/blib-la/captain-test/issues/75)) ([cbae2cf](cbae2cf))
* add text to image app ([blib-la#189](https://github.com/blib-la/captain-test/issues/189)) ([e6845df](e6845df)), closes [blib-la#190](https://github.com/blib-la/captain-test/issues/190)
* added electron-builder ([31dfcca](31dfcca))
* added marketplace ([blib-la#200](https://github.com/blib-la/captain-test/issues/200)) ([d5fdd0a](d5fdd0a)), closes [blib-la#102](https://github.com/blib-la/captain-test/issues/102) [blib-la#103](https://github.com/blib-la/captain-test/issues/103)
* added tests for createWindow and unpack, moved jest.setup.ts to the root, installed jest-mock-extended ([blib-la#51](https://github.com/blib-la/captain-test/issues/51)) ([760f3ee](760f3ee))
* added winston for logging ([blib-la#85](https://github.com/blib-la/captain-test/issues/85)) ([e9da428](e9da428))
* adjust action logic ([blib-la#73](https://github.com/blib-la/captain-test/issues/73)) ([9485760](9485760))
* adjust colors of icons ([55bea04](55bea04))
* allow deleting projects ([32740f4](32740f4))
* app separation ([blib-la#69](https://github.com/blib-la/captain-test/issues/69)) ([1339741](1339741))
* categories in marketplace ([blib-la#208](https://github.com/blib-la/captain-test/issues/208)) ([8a530c7](8a530c7))
* check for openAI API key ([blib-la#86](https://github.com/blib-la/captain-test/issues/86)) ([fda5afb](fda5afb))
* clean temporary ([blib-la#201](https://github.com/blib-la/captain-test/issues/201)) ([5455075](5455075)), closes [blib-la#185](https://github.com/blib-la/captain-test/issues/185)
* communicate existence of openaiapikey ([blib-la#93](https://github.com/blib-la/captain-test/issues/93)) ([3cd2efb](3cd2efb))
* complete rewrite of the ui ([9b2d52e](9b2d52e))
* display previews ([blib-la#186](https://github.com/blib-la/captain-test/issues/186)) ([a350107](a350107))
* download manager ([blib-la#91](https://github.com/blib-la/captain-test/issues/91)) ([a792c16](a792c16))
* download model ([blib-la#79](https://github.com/blib-la/captain-test/issues/79)) ([da212b4](da212b4))
* extended story options ([blib-la#65](https://github.com/blib-la/captain-test/issues/65)) ([39f2595](39f2595))
* extended text to image ([blib-la#192](https://github.com/blib-la/captain-test/issues/192)) ([a2c4d6e](a2c4d6e))
* extended vector store ([blib-la#182](https://github.com/blib-la/captain-test/issues/182)) ([76d62db](76d62db)), closes [blib-la#111](https://github.com/blib-la/captain-test/issues/111) [blib-la#112](https://github.com/blib-la/captain-test/issues/112)
* git clone & lfs ([blib-la#67](https://github.com/blib-la/captain-test/issues/67)) ([2a5bbc9](2a5bbc9))
* i18n support for export ([7e6c7f7](7e6c7f7))
* image-to-image pipeline ([blib-la#225](https://github.com/blib-la/captain-test/issues/225)) ([9c17a71](9c17a71))
* **image-to-image:** added ipc buffer ([blib-la#194](https://github.com/blib-la/captain-test/issues/194)) ([4ac0905](4ac0905))
* implement captioning tools, blip, wd14, gpt-v ([614b4d4](614b4d4))
* installer populates vector store ([blib-la#76](https://github.com/blib-la/captain-test/issues/76)) ([e7b1a08](e7b1a08))
* integrate vector store ([blib-la#70](https://github.com/blib-la/captain-test/issues/70)) ([c654e13](c654e13))
* live painting ([blib-la#49](https://github.com/blib-la/captain-test/issues/49)) ([416d0aa](416d0aa))
* live painting config ([blib-la#54](https://github.com/blib-la/captain-test/issues/54)) ([d9f311d](d9f311d))
* live painting options ([blib-la#196](https://github.com/blib-la/captain-test/issues/196)) ([a1833b6](a1833b6))
* **marketplace:** added apps ([blib-la#215](https://github.com/blib-la/captain-test/issues/215)) ([da86cbc](da86cbc)), closes [blib-la#211](https://github.com/blib-la/captain-test/issues/211)
* multi window apps ([blib-la#213](https://github.com/blib-la/captain-test/issues/213)) ([5bd2207](5bd2207)), closes [blib-la#212](https://github.com/blib-la/captain-test/issues/212)
* new app icon ([blib-la#15](https://github.com/blib-la/captain-test/issues/15)) ([8e6df09](8e6df09))
* new user flow and implement editing ([2e5184d](2e5184d))
* only generate output image when input was changed ([blib-la#55](https://github.com/blib-la/captain-test/issues/55)) ([fe4b4c0](fe4b4c0))
* prompt uses vector store ([blib-la#71](https://github.com/blib-la/captain-test/issues/71)) ([99b9cee](99b9cee))
* resources are updated automatically once a new version is released ([blib-la#224](https://github.com/blib-la/captain-test/issues/224)) ([2aab5fb](2aab5fb)), closes [blib-la#216](https://github.com/blib-la/captain-test/issues/216)
* safe write/copy file ([blib-la#209](https://github.com/blib-la/captain-test/issues/209)) ([9bf22a1](9bf22a1)), closes [blib-la#193](https://github.com/blib-la/captain-test/issues/193)
* save info to user data ([c69d6a7](c69d6a7))
* serve apps ([blib-la#187](https://github.com/blib-la/captain-test/issues/187)) ([4022c20](4022c20))
* story streaming ([blib-la#62](https://github.com/blib-la/captain-test/issues/62)) ([5463eaf](5463eaf))
* storytelling with OpenAI GPT-4-vision ([blib-la#57](https://github.com/blib-la/captain-test/issues/57)) ([90a1648](90a1648))
* **tray:** add link to explorer ([blib-la#204](https://github.com/blib-la/captain-test/issues/204)) ([cf50ee5](cf50ee5)), closes [blib-la#175](https://github.com/blib-la/captain-test/issues/175)
* use transformer.js for embeddings ([blib-la#74](https://github.com/blib-la/captain-test/issues/74)) ([d254612](d254612))
* various improvements ([d02910e](d02910e))
* vector store ([blib-la#68](https://github.com/blib-la/captain-test/issues/68)) ([2dbe978](2dbe978))
* write download state to store ([blib-la#217](https://github.com/blib-la/captain-test/issues/217)) ([4913cb8](4913cb8))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request released on @alpha
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: safe write/copy file blib-la/captain
2 participants
@TimPietrusky @pixelass