Skip to content

Commit

Permalink
Further fix validate path on Windows (#10330)
Browse files Browse the repository at this point in the history
  • Loading branch information
Haxatron authored and BenWilson2 committed Nov 14, 2023
1 parent e8c003a commit cf83dad
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 4 deletions.
2 changes: 2 additions & 0 deletions mlflow/server/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@
from mlflow.tracking.registry import UnsupportedModelRegistryStoreURIException
from mlflow.utils.file_utils import local_file_uri_to_path
from mlflow.utils.mime_type_utils import _guess_mime_type
from mlflow.utils.os import is_windows
from mlflow.utils.promptlab_utils import _create_promptlab_run_impl
from mlflow.utils.proto_json_utils import message_to_json, parse_dict
from mlflow.utils.string_utils import is_string_type
Expand Down Expand Up @@ -552,6 +553,7 @@ def validate_path_is_safe(path):
or ".." in path.split("/")
or pathlib.PureWindowsPath(path).is_absolute()
or pathlib.PurePosixPath(path).is_absolute()
or (is_windows() and len(path) >= 2 and path[1] == ":")
):
raise MlflowException(f"Invalid path: {path}", error_code=INVALID_PARAMETER_VALUE)

Expand Down
9 changes: 5 additions & 4 deletions tests/tracking/test_rest_tracking.py
Original file line number Diff line number Diff line change
Expand Up @@ -531,9 +531,6 @@ def test_validate_path_is_safe_good(path):
"path",
[
# relative path from current directory of C: drive
"C:path",
"C:path/",
"C:path/to/file",
".../...//",
],
)
Expand Down Expand Up @@ -579,7 +576,11 @@ def test_validate_path_is_safe_bad(path):
r".\..\path",
r"path\..\to\file",
r"path\..\..\to\file",
# Drive-relative absolute paths
# Drive-relative paths
r"C:path",
r"C:path/",
r"C:path/to/file",
r"C:../path/to/file",
r"C:\path",
r"C:/path",
r"C:\path\to\file",
Expand Down

0 comments on commit cf83dad

Please sign in to comment.