From 00827fbe621ad20eaf3be96e60ef918c49227cfe Mon Sep 17 00:00:00 2001 From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com> Date: Fri, 23 Aug 2024 11:35:04 +0000 Subject: [PATCH] Replace unsafe usage of `flask.send_file` --- document-service/src/unstract/document_service/main.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/document-service/src/unstract/document_service/main.py b/document-service/src/unstract/document_service/main.py index 731a419b9e..4aae46ee50 100644 --- a/document-service/src/unstract/document_service/main.py +++ b/document-service/src/unstract/document_service/main.py @@ -6,9 +6,11 @@ from typing import Any import redis -from flask import Flask, request, send_file +from flask import Flask, request from odf import teletype, text from odf.opendocument import load +import flask +from pathlib import Path logging.basicConfig( level=logging.INFO, @@ -205,7 +207,7 @@ def find_and_replace(): except Exception as e: app.logger.error(f"Error while converting file to {output_format} format: {e}") return f"Error while converting file to {output_format} format!", 500 - return send_file(file_name_output, as_attachment=True) + return flask.send_from_directory((p := Path(file_name_output)).parent, p.name, as_attachment=True) if __name__ == "__main__":