
Commit 9b9b1cc

authored
Update _sys.py (#1361)
Ensuring the path from the user is checked. - resolving path to absolute - ensuring path exists - checking if it's an actual file
1 parent c74d893 commit 9b9b1cc

1 file changed

Lines changed: 10 additions & 1 deletion


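--- a/verticapy/_utils/_sql/_sys.py
+++ b/verticapy/_utils/_sql/_sys.py
@@ -14,7 +14,9 @@
 See the License for the specific language governing
 permissions and limitations under the License.
 """
+import os
 import time
+from pathlib import Path
 from typing import Any, Literal, Optional
 
 import verticapy._config.config as conf
@@ -180,7 +182,14 @@ def _executeSQL(
 if data:
 cursor.executemany(query, data)
 elif method == "copy":
-with open(path, "r", encoding="utf-8") as f:
+if not path:
+raise ValueError("path must be provided when method='copy'")
+# Validate path to prevent path traversal attacks
+file_path = Path(path).resolve()
+# Ensure the resolved path exists and is a file
+if not file_path.is_file():
+raise ValueError(f"File not found or is not a regular file: {path}")
+with open(file_path, "r", encoding="utf-8") as f:
 cursor.copy(query, f)
 else:
 cursor.execute(query)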
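Review bot: The check added under `elif method == "copy":` does not restrict where `path` may point, so the comment `# Validate path to prevent path traversal attacks` overstates it: `Path(path).resolve()` only normalises the path, and `is_file()` accepts any existing regular file on the host and follows symlinks. If `path` can come from a less-trusted caller, compare the resolved path against an allowed base directory, e.g. `if not file_path.is_relative_to(allowed_root): raise ValueError("path is outside the permitted directory")`, where `allowed_root` is a placeholder for a configured, resolved directory that this page does not define; otherwise reword the comment to `# Normalise the path and require an existing regular file`. `import os` in the first hunk is not used by any line shown here and looks removable. `_executeSQL` starts and continues outside the hunk, so any earlier validation of `path` cannot be seen from this page.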
