| author | jfriedli | 2020-05-08 09:10:18 -0700 |
|---|---|---|
| committer | jfriedli | 2020-05-08 09:10:18 -0700 |
| commit | 853ace7d83424f85d903f6ffe2352bf41f86b7ce (patch) | |
| tree | 91f33ae06272bbeda564b0aabe1baa4aaf8e2d87 /matweb/rest_api.py | |
| parent | 9157dee69f69eeba521ff0a5f5cc651d3629ae6c (diff) | |
Resolve "Fuzzing Errors /api/upload"
Diffstat (limited to 'matweb/rest_api.py')
| -rw-r--r-- | matweb/rest_api.py | 10 |
1 files changed, 7 insertions, 3 deletions
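--- a/matweb/rest_api.py
+++ b/matweb/rest_api.py
@@ -28,11 +28,15 @@ class APIUpload(Resource):
 args = req_parser.parse_args()
 try:
 file_data = base64.b64decode(args['file'])
-except binascii.Error as err:
-abort(400, message='Failed decoding file: ' + str(err))
+except (binascii.Error, ValueError):
+abort(400, message='Failed decoding file')
 
 file = FileStorage(stream=io.BytesIO(file_data), filename=args['file_name'])
-filename, filepath = utils.save_file(file, self.upload_folder)
+try:
+filename, filepath = utils.save_file(file, self.upload_folder)
+except ValueError:
+abort(400, message='Invalid Filename')
+
 parser, mime = utils.get_file_parser(filepath)
 
 if parser is None: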
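Review bot: The decode guard at new lines 30-32 still lets malformed input through, because `base64.b64decode` silently discards non-alphabet characters unless strict mode is requested, so a garbage `file` value can decode to unexpected bytes instead of returning a 400. If API clients are expected to send unwrapped base64, use `file_data = base64.b64decode(args['file'], validate=True)`. `binascii.Error` is a subclass of `ValueError`, so `except ValueError:` alone is enough there. If `req_parser` (defined outside this hunk) does not mark `file` as required, `b64decode(None)` raises `TypeError`, which neither handler catches and which would presumably still surface as a 500. Both 400 paths now drop the exception without recording it; a server-side `logging` call before each `abort` would keep rejected uploads visible for triage without echoing details to the client. The enclosing method starts and ends outside the hunk.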
