add guard clause to safe_chars check
Co-authored-by: codeflash-ai[bot] <148906541+codeflash-ai[bot]@users.noreply.github.com>
ogabrielluiz and codeflash-ai[bot] authored Dec 20, 2024
1 parent 90a28e5 commit f09b0e0
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions src/backend/base/langflow/components/processing/filter_data.py
Expand Up @@ -150,10 +150,15 @@ def _filter_by_columns(self, dataframe: pd.DataFrame) -> pd.DataFrame:

def _is_safe_jq_query(self, query: str) -> bool:
"""Validate JQ query for security."""
# Basic validation - only allow alphanumeric characters, dots, brackets,
# spaces, and common JQ operators
safe_chars = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.[]() +-*/<>=|,")
return all(c in safe_chars for c in query) and len(query) < self.max_query_length
if len(query) >= self.max_query_length:
return False
safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.[]() +-*/<>=|,"
for c in query:
if c not in safe_chars:
return False

return True

Check failure on line 160 in src/backend/base/langflow/components/processing/filter_data.py
GitHub Actions / Ruff Style Check (3.12)
Ruff (SIM110)
src/backend/base/langflow/components/processing/filter_data.py:156:9: SIM110 Use `return all(c in safe_chars for c in query)` instead of `for` loop

def process_data(self) -> Data:
"""Process data and return as Data object or list of Data objects."""
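Review bot: the new `for c in query: if c not in safe_chars: return False` loop in `_is_safe_jq_query` is exactly what the Ruff SIM110 annotation above flags, so this hunk fails the style check; keep the `if len(query) >= self.max_query_length: return False` guard clause and collapse the loop back to `return all(c in safe_chars for c in query)`. Two smaller points on the same hunk: `safe_chars` went from `set("...")` to a plain string, which still behaves correctly for single-character membership but turns each `c in safe_chars` into a substring scan rather than a set lookup, so keep the `set(...)` if O(1) membership was the intent; and note that both the old and new versions accept an empty query (the `all()` / loop returns True with nothing to check). Finally, the docstring `"""Validate JQ query for security."""` overstates what this does: it is a character allowlist, and since letters, parentheses, spaces and `|` are all permitted, it does not constrain which jq builtins a query may call, only the characters and length. The docstring should say so, and whatever executes the query should still treat it as untrusted input rather than rely on this check alone.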
