AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: return filename instead of absolute path in upload responses

Browse source
This commit is contained in:
ZdenekSrotyr 2026-04-12 14:23:51 +02:00
parent 31e210c7e3
commit 209643becb
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
tests/test_api_complete.py
View file

@ -237,3 +237,16 @@ class TestUpload:
headers=_h(client["admin"]), headers=_h(client["admin"]),
) )
assert resp.status_code == 413 assert resp.status_code == 413
def test_upload_does_not_leak_absolute_path(self, client):
"""Upload response should not contain absolute filesystem paths."""
import io
resp = client["client"].post(
"/api/upload/artifacts",
files={"file": ("test.txt", io.BytesIO(b"hello"), "text/plain")},
headers=_h(client["admin"]),
)
assert resp.status_code == 200
data = resp.json()
assert not data.get("path", "").startswith("/"), "Response should not leak absolute path"
assert "filename" in data, "Response should contain filename"