Disable base64 loading via API

Closes a severe RCE vulnerability that was reported privately.
Matthias
2022-09-27 20:37:16 +02:00
parent e668bf7138
commit 42cecb83f2
2 changed files with 6 additions and 0 deletions


@@ -265,6 +265,8 @@ def list_strategies(config=Depends(get_config)):
@router.get('/strategy/{strategy}', response_model=StrategyResponse, tags=['strategy'])
def get_strategy(strategy: str, config=Depends(get_config)):
if ":" in strategy:
raise HTTPException(status_code=500, detail="base64 encoded strategies are not allowed.")
config_ = deepcopy(config)
from freqtrade.resolvers.strategy_resolver import StrategyResolver
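Review bot: The new guard in get_strategy answers a rejected client input with status_code=500, which reports a server fault and will show up in server-error alerting; a 4xx fits better, e.g. `raise HTTPException(status_code=400, detail="base64 encoded strategies are not allowed.")`. The check is also a denylist on a single route. If other API routes pass a caller-supplied strategy name to StrategyResolver (not visible in this hunk), they need the same rejection, so it would be safer to enforce it once at the point where the API hands the name to the resolver, or to accept only names that list_strategies would return. A short comment above the `if` saying that ":" marks the encoded form and why it is refused over the API would keep a later refactor from dropping the check. get_strategy's body continues past the end of the hunk.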