modelkit
Uploaded asset names with unsupported characters are not checked against asset spec, and cannot be downloaded
After diving into the code, modelkit lists the following regex for asset names:
```python
GENERIC_ASSET_NAME_RE = (
    r"(([A-Z]:\\)|/)?[a-zA-Z0-9]([a-zA-Z0-9\-\_\.\/\\]*[a-zA-Z0-9])?"
)
```
However:
- uploaded assets and sub-files are not checked against this.
- This does not include all valid URI and file name characters.
I uploaded a file that was named something similar to `file__id==version`, and `==` is invalid according to the regex. The file could be uploaded, but when specified in a model config for the asset, it freezes when trying to resolve the asset and no error is thrown. The asset also cannot be downloaded via code.
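
A sketch of the upload-time check this report says is missing, as an added example and not modelkit's own code: every asset name and sub-file name is matched in full against the regex quoted above before anything is uploaded. `check_name`, `validate_upload` and the sample names are hypothetical.

```python
import re

# Regex quoted in the report above.
GENERIC_ASSET_NAME_RE = (
    r"(([A-Z]:\\)|/)?[a-zA-Z0-9]([a-zA-Z0-9\-\_\.\/\\]*[a-zA-Z0-9])?"
)
_NAME = re.compile(GENERIC_ASSET_NAME_RE)
# Characters the regex accepts after the optional drive or root prefix.
_ALLOWED_CHAR = re.compile(r"[a-zA-Z0-9\-_./\\]")


def check_name(name):
    """Return None if the whole name matches the regex, else a reason string.

    fullmatch() is used so that a valid prefix such as "file__id" cannot
    let the rest of "file__id==version" through.
    """
    if _NAME.fullmatch(name):
        return None
    bad = sorted({c for c in name if not _ALLOWED_CHAR.fullmatch(c)})
    if bad:
        return f"unsupported characters {bad!r}"
    return "must be non-empty and start and end with a letter or digit"


def validate_upload(asset_name, sub_files):
    """Map every rejected name to its reason; an empty dict means all pass."""
    errors = {}
    for name in [asset_name, *sub_files]:
        reason = check_name(name)
        if reason:
            errors[name] = reason
    return errors


if __name__ == "__main__":
    # Constructed sample: one asset name and its sub-files.
    sample = validate_upload(
        "file__id==version", ["weights.bin", "vocab==v2.txt", "_hidden"]
    )
    for name, reason in sample.items():
        print(f"refusing upload of {name!r}: {reason}")
```

Failing before the upload gives the caller an explicit error, in place of an asset that is stored but later hangs on resolution.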