From c961964647a17b079bae4ac881fde6fee3d3ec0d Mon Sep 17 00:00:00 2001
From: "Timothy J. Baek"
Date: Mon, 10 Jun 2024 21:59:06 -0700
Subject: [PATCH] enh: tool id validation

---
 backend/apps/webui/routers/tools.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/backend/apps/webui/routers/tools.py b/backend/apps/webui/routers/tools.py
index 59f193858..92f9ab0a8 100644
--- a/backend/apps/webui/routers/tools.py
+++ b/backend/apps/webui/routers/tools.py
@@ -74,6 +74,12 @@ async def get_toolkits(user=Depends(get_admin_user)):

 @router.post("/create", response_model=Optional[ToolResponse])
 async def create_new_toolkit(form_data: ToolForm, user=Depends(get_admin_user)):
+ if not form_data.id.isidentifier():
+ raise HTTPException(
+ status_code=status.HTTP_400_BAD_REQUEST,
+ detail="Only alphanumeric characters and underscores are allowed in the id",
+ )
+
 toolkit = Tools.get_tool_by_id(form_data.id)
 if toolkit == None:
 toolkit_path = os.path.join(TOOLS_DIR, f"{form_data.id}.py")
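Review bot: `str.isidentifier()` in the guard added at the top of `create_new_toolkit` is wider than the error text claims: it accepts non-ASCII letters and Python keywords such as `class`, and it rejects ids that start with a digit. Because the id becomes a file name under `TOOLS_DIR` a few lines below, an explicit ASCII allowlist is easier to reason about, e.g. `if not (form_data.id.isascii() and form_data.id.isidentifier()):`, with the `detail` message extended to mention the leading-digit rule. The check does reject path separators and dots, which is what matters for the `os.path.join(TOOLS_DIR, f"{form_data.id}.py")` call. Only the create route is visible in this hunk; if other routes build a path from a caller-supplied id they presumably need the same guard, which is worth confirming. The function body continues past the end of the hunk.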