This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 66672b7 Add a form type for filenames
66672b7 is described below
commit 66672b7791670e1663d259777ef145f5d643908f
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Nov 10 16:54:48 2025 +0000
Add a form type for filenames
---
atr/form.py | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/atr/form.py b/atr/form.py
index 7ca9d13..2c3a21c 100644
--- a/atr/form.py
+++ b/atr/form.py
@@ -19,6 +19,7 @@ from __future__ import annotations
import enum
import json
+import pathlib
import types
from typing import TYPE_CHECKING, Annotated, Any, Final, Literal,
TypeAliasType, get_args, get_origin
@@ -344,6 +345,28 @@ def to_filestorage_list(v: Any) ->
list[datastructures.FileStorage]:
raise ValueError("Expected a list of uploaded files")
+def to_filename(v: Any) -> pathlib.Path:
+ if not v:
+ raise ValueError("Filename cannot be empty")
+
+ path = pathlib.Path(str(v))
+
+ if len(path.parts) != 1:
+ raise ValueError("Expected a filename, not a path containing
directories")
+
+ if path.is_absolute():
+ # This branch should be unreachable
+ raise ValueError("Absolute paths are not allowed")
+
+ if "." in path.parts:
+ raise ValueError("Self directory references (.) are not allowed")
+
+ if ".." in path.parts:
+ raise ValueError("Parent directory references (..) are not allowed")
+
+ return path
+
+
def to_int(v: Any) -> int:
# if v == "":
# return 0
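Review bot: The comment `# This branch should be unreachable` in to_filename is inaccurate: `pathlib.Path("/")` has the single part `/`, so it passes the `len(path.parts) != 1` test and is stopped only by the `is_absolute()` check, which should be kept and described as the guard for a bare root. The `"." in path.parts` test, by contrast, cannot fire, because pathlib drops `.` components and trailing separators while parsing, so `./name` and `name/` are silently normalised to `name` rather than rejected. Since the value comes from a form, it would be stricter to validate the raw string before building the Path, e.g. `name = str(v)` followed by `if "/" in name or "\\" in name or "\x00" in name: raise ValueError("Expected a filename, not a path containing directories")`. On a POSIX host a backslash is not a separator, so a value such as `..\x` currently passes as one part, and an embedded NUL is accepted here and would only fail later at the filesystem call.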
@@ -377,6 +400,12 @@ FileList = Annotated[
pydantic.Field(default_factory=list),
]
+Filename = Annotated[
+ pathlib.Path | None,
+ functional_validators.BeforeValidator(to_filename),
+ pydantic.Field(default=None),
+]
+
Int = Annotated[
int,
functional_validators.BeforeValidator(to_int),
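Review bot: The `None` arm of `Filename` looks reachable only through the default, because `BeforeValidator(to_filename)` runs on every supplied value and `to_filename` raises `ValueError("Filename cannot be empty")` for `None` and `""`. If an optional filename field that is left blank arrives as an empty string (common for HTML forms, though the form handling is outside this hunk), validation fails instead of yielding `None`. If optional use is intended, the validator for this type could return `None` for empty input; otherwise a comment such as `# None only via the default; an explicitly empty value is rejected by to_filename` would make the contract clear.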