leafspark
/
vAnalytics
mirror of https://github.com/leafspark/vAnalytics.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix code scanning alert #1: Uncontrolled command line 

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
leafspark 2024-09-21 16:35:20 -07:00 committed by GitHub
parent dff316c725
commit a7fe82a62e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/graph.py
View File

@ -250,6 +250,7 @@ def index():
for name in os.listdir(data_dir) for name in os.listdir(data_dir)
if name.endswith(".sqlite") and os.path.isfile(os.path.join(data_dir, name)) if name.endswith(".sqlite") and os.path.isfile(os.path.join(data_dir, name))
] ]
valid_model_names = set(model_names)
if request.method == "POST": if request.method == "POST":
selected_model = request.form.get("model_select") selected_model = request.form.get("model_select")
@ -272,6 +273,7 @@ def index():
"An error occurred while creating the plot. Please try again later." "An error occurred while creating the plot. Please try again later."
) )
if selected_model in valid_model_names:
command = [ command = [
"python", "python",
"get_data.py", "get_data.py",
@ -279,6 +281,11 @@ def index():
"24", "24",
f".\\data\\{selected_model}.sqlite", f".\\data\\{selected_model}.sqlite",
] ]
result = subprocess.run(command, capture_output=True, text=True)
else:
logging.error(f"Invalid model selected: {selected_model}")
error_message = "Invalid model selected. Please choose a valid model."
result = None
result = subprocess.run(command, capture_output=True, text=True) result = subprocess.run(command, capture_output=True, text=True)
else: else: