diff --git a/app/assets/scanner.py b/app/assets/scanner.py index ffb92f6a3..85c77dfa4 100644 --- a/app/assets/scanner.py +++ b/app/assets/scanner.py @@ -1,7 +1,7 @@ -import contextlib import logging import os import time +from pathlib import Path from typing import Literal, TypedDict import folder_paths @@ -89,12 +89,11 @@ def collect_models_files() -> list[str]: continue abs_path = os.path.abspath(abs_path) allowed = False + abs_p = Path(abs_path) for b in bases: - base_abs = os.path.abspath(b) - with contextlib.suppress(ValueError): - if os.path.commonpath([abs_path, base_abs]) == base_abs: - allowed = True - break + if abs_p.is_relative_to(os.path.abspath(b)): + allowed = True + break if allowed: out.append(abs_path) return out diff --git a/app/assets/services/path_utils.py b/app/assets/services/path_utils.py index c2be4bb52..22be7b18b 100644 --- a/app/assets/services/path_utils.py +++ b/app/assets/services/path_utils.py @@ -53,13 +53,9 @@ def resolve_destination_from_tags(tags: list[str]) -> tuple[str, list[str]]: def validate_path_within_base(candidate: str, base: str) -> None: - cand_abs = os.path.abspath(candidate) - base_abs = os.path.abspath(base) - try: - common = os.path.commonpath([cand_abs, base_abs]) - except Exception: - raise ValueError("invalid destination path") - if common != base_abs: + cand_abs = Path(os.path.abspath(candidate)) + base_abs = Path(os.path.abspath(base)) + if not cand_abs.is_relative_to(base_abs): raise ValueError("destination escapes base directory") @@ -108,10 +104,7 @@ def get_asset_category_and_relative_path( fp_abs = os.path.abspath(file_path) def _check_is_within(child: str, parent: str) -> bool: - try: - return os.path.commonpath([child, parent]) == parent - except Exception: - return False + return Path(child).is_relative_to(parent) def _compute_relative(child: str, parent: str) -> str: return os.path.relpath(