From 8a1b1d2109fe888a5cd7b628922c02baf191fe51 Mon Sep 17 00:00:00 2001
From: JaWarrior12 <97358009+JaWarrior12@users.noreply.github.com>
Date: Thu, 9 May 2024 15:06:11 -0400
Subject: [PATCH] Update keep_alive.py Fixed File Path issue
---
keep_alive.py | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/keep_alive.py b/keep_alive.py
index eb3c21e9..1cb26592 100644
--- a/keep_alive.py
+++ b/keep_alive.py
@@ -45,7 +45,14 @@ def home():
 @app.route('/datafiles//')
 def jsondat(file,passkey=0):
 if passkey=="1498657841136236":
- return loads(open(f'{file}.json', 'r').read())
+ base_path = '/Backups'
+ #GOOD -- Verify with normalised version of path
+ fullpath = os.path.normpath(os.path.join(base_path, filename))
+ if not fullpath.startswith(base_path):
+ raise Exception("not allowed")
+ data = loads(open(fullpath, 'rb').read())
+ return data
+ #return loads(open(f'{file}.json', 'r').read())
 else:
 return "Access to NEW LIGHT DATA FILES is restricted."
 
@@ -83,4 +90,4 @@ def keep_alives():
 Creates and starts new thread that runs the function run.
 '''
 t = Thread(target=run)
- t.start()
\ No newline at end of file
+ t.start()
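Review bot: `os.path.join(base_path, filename)` in the first hunk reads `filename`, but the parameter of `jsondat` is `file`, so unless a global of that name exists outside the hunk, every request that passes the passkey check raises NameError. The containment test `fullpath.startswith(base_path)` is a plain string prefix, so a normalised path into a sibling directory whose name merely begins with `/Backups` still passes, and `normpath` does not resolve symlinks; comparing whole path components after `realpath` closes both gaps. The new code also drops the `.json` suffix the removed line appended, which widens what the route can serve if that was not intended, and the opened file is never closed. `os` must be imported in keep_alive.py, which the hunk does not show, and the commented-out old `return` can be deleted rather than kept.

```python
def jsondat(file,passkey=0):
    # … unchanged: passkey check …
        base_path = os.path.realpath('/Backups')
        # Resolve ".." and symlinks first, then compare whole path components.
        fullpath = os.path.realpath(os.path.join(base_path, file))
        if os.path.commonpath([base_path, fullpath]) != base_path:
            raise Exception("not allowed")
        with open(fullpath, 'rb') as fh:
            return loads(fh.read())
    # … unchanged: else branch returning the restriction message …
```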