Refactor csv_path to use a relative path for enhanced security.

- Updated csv_path to a relative path to improve security. - Added checks and messages to inform if the specified folder for import or validation is empty or does not exist.
madgik · Jun 13, 2024 · 76bc74e · 76bc74e
1 parent db54908
commit 76bc74e
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 3 deletions.
diff --git a/mipdb/commands.py b/mipdb/commands.py
@@ -134,6 +134,12 @@ def load_folder(file, copy_from_file, ip, port, username, password, db_name):
     db = MonetDB.from_config(dbconfig)
 
     Cleanup(db).execute()
+    if not os.path.exists(file):
+        print(f"The path {file} does not exist.")
+        return
+    elif not os.listdir(file):
+        print(f"The directory {file} is empty.")
+        return
 
     for subdir, dirs, files in os.walk(file):
         if dirs:
@@ -158,6 +164,13 @@ def load_folder(file, copy_from_file, ip, port, username, password, db_name):
 @cl.argument("file", required=True)
 @handle_errors
 def validate_folder(file):
+    if not os.path.exists(file):
+        print(f"The path {file} does not exist.")
+        return
+    elif not os.listdir(file):
+        print(f"The directory {file} is empty.")
+        return
+
     for subdir, dirs, files in os.walk(file):
         if dirs:
             continue

diff --git a/mipdb/usecases.py b/mipdb/usecases.py
@@ -1,6 +1,7 @@
 import copy
 import datetime
 import json
+import os
 from abc import ABC, abstractmethod
 
 import pandas as pd
@@ -246,6 +247,8 @@ def execute(
             cdes = metadata_table.table
             dataset_enumerations = get_dataset_enums(cdes)
             sql_type_per_column = get_sql_type_per_column(cdes)
+            # In case the DATA_PATH is empty it will return the whole path.
+            relative_csv_path = csv_path.split(os.getenv("DATA_PATH"))[-1]
 
             if copy_from_file:
                 imported_datasets = self.import_csv_with_volume(
@@ -256,7 +259,7 @@ def execute(
                 )
             else:
                 imported_datasets = self._import_csv(
-                    csv_path=csv_path, data_model=data_model, conn=conn
+                    csv_path=relative_csv_path, data_model=data_model, conn=conn
                 )
 
             existing_datasets = datasets_table.get_values(
@@ -269,7 +272,7 @@ def execute(
                     dataset_id=dataset_id,
                     code=dataset,
                     label=dataset_enumerations[dataset],
-                    csv_path=csv_path,
+                    csv_path=relative_csv_path,
                     status="ENABLED",
                 )
                 datasets_table.insert_values(values, conn)

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "mipdb"
-version = "2.4.8"
+version = "2.4.9"
 description = ""
 authors = ["Your Name <[email protected]>"]