Security: restrict file writes to user_data_dir, block extra_flags from API

2026-03-08 06:33:51 +01:00 · 2026-03-06 16:57:57 -03:00 · 2026-03-06 16:57:57 -03:00 · b8b4471ab5
parent d03923924a
commit b8b4471ab5
2 changed files with 5 additions and 11 deletions
--- a/extensions/openai/models.py
+++ b/extensions/openai/models.py
@ -48,8 +48,9 @@ def _load_model(data):
    # Update shared.args with custom model loading settings
    # Security: only allow keys that correspond to model loading
    # parameters exposed in the UI. Never allow security-sensitive
-    # flags like trust_remote_code to be set via the API.
-    allowed_keys = set(ui.list_model_elements())
+    # flags like trust_remote_code or extra_flags to be set via the API.
+    blocked_keys = {'extra_flags'}
+    allowed_keys = set(ui.list_model_elements()) - blocked_keys
    if args:
        for k in args:
            if k in allowed_keys and hasattr(shared.args, k):
--- a/modules/utils.py
+++ b/modules/utils.py
@ -27,21 +27,14 @@ def sanitize_filename(name):


 def _is_path_allowed(abs_path_str):
-    """Check if a path is under the project root or the configured user_data directory."""
+    """Check if a path is under the configured user_data directory."""
    abs_path = Path(abs_path_str).resolve()
-    root_folder = Path(__file__).resolve().parent.parent
    user_data_resolved = shared.user_data_dir.resolve()
-    try:
-        abs_path.relative_to(root_folder)
-        return True
-    except ValueError:
-        pass
    try:
        abs_path.relative_to(user_data_resolved)
        return True
    except ValueError:
-        pass
-    return False
+        return False


 def save_file(fname, contents):