rasa-pro 3.12.30__py3-none-any.whl → 3.12.32__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rasa-pro might be problematic. Click here for more details.
- rasa/engine/storage/local_model_storage.py +83 -3
- rasa/version.py +1 -1
- {rasa_pro-3.12.30.dist-info → rasa_pro-3.12.32.dist-info}/METADATA +3 -3
- {rasa_pro-3.12.30.dist-info → rasa_pro-3.12.32.dist-info}/RECORD +7 -7
- {rasa_pro-3.12.30.dist-info → rasa_pro-3.12.32.dist-info}/NOTICE +0 -0
- {rasa_pro-3.12.30.dist-info → rasa_pro-3.12.32.dist-info}/WHEEL +0 -0
- {rasa_pro-3.12.30.dist-info → rasa_pro-3.12.32.dist-info}/entry_points.txt +0 -0
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
3
|
import logging
|
|
4
|
+
import os
|
|
4
5
|
import shutil
|
|
5
6
|
import sys
|
|
7
|
+
import tarfile
|
|
6
8
|
import tempfile
|
|
7
9
|
import uuid
|
|
8
10
|
from contextlib import contextmanager
|
|
9
11
|
from datetime import datetime
|
|
10
12
|
from pathlib import Path
|
|
11
|
-
from typing import Generator, Optional, Text, Tuple, Union
|
|
13
|
+
from typing import Callable, Generator, List, Optional, Text, Tuple, Union
|
|
12
14
|
|
|
13
15
|
from tarsafe import TarSafe
|
|
14
16
|
|
|
@@ -57,6 +59,35 @@ def windows_safe_temporary_directory(
|
|
|
57
59
|
yield temporary_directory
|
|
58
60
|
|
|
59
61
|
|
|
62
|
+
def filter_normpath(member: tarfile.TarInfo, dest_path: str) -> tarfile.TarInfo:
|
|
63
|
+
"""Normalize tar member paths for safe extraction"""
|
|
64
|
+
if member.name:
|
|
65
|
+
member.name = os.path.normpath(member.name)
|
|
66
|
+
return member
|
|
67
|
+
|
|
68
|
+
|
|
69
|
+
FilterFunction = Callable[[tarfile.TarInfo, str], Optional[tarfile.TarInfo]]
|
|
70
|
+
|
|
71
|
+
|
|
72
|
+
def create_combined_filter(existing_filter: Optional[FilterFunction]) -> FilterFunction:
|
|
73
|
+
"""Create a filter that combines existing filter with path normalization"""
|
|
74
|
+
|
|
75
|
+
def combined_filter(
|
|
76
|
+
member: tarfile.TarInfo, dest_path: str
|
|
77
|
+
) -> Optional[tarfile.TarInfo]:
|
|
78
|
+
"""Apply existing filter first, then path normalization"""
|
|
79
|
+
if existing_filter is not None:
|
|
80
|
+
filtered_member = existing_filter(member, dest_path)
|
|
81
|
+
if filtered_member is None:
|
|
82
|
+
return None # Rejected by existing filter
|
|
83
|
+
member = filtered_member # Use the filtered result
|
|
84
|
+
|
|
85
|
+
# Apply our path normalization
|
|
86
|
+
return filter_normpath(member, dest_path)
|
|
87
|
+
|
|
88
|
+
return combined_filter
|
|
89
|
+
|
|
90
|
+
|
|
60
91
|
class LocalModelStorage(ModelStorage):
|
|
61
92
|
"""Stores and provides output of `GraphComponents` on local disk."""
|
|
62
93
|
|
|
@@ -122,9 +153,29 @@ class LocalModelStorage(ModelStorage):
|
|
|
122
153
|
# this restriction in environments where it's not possible
|
|
123
154
|
# to override this behavior, mostly for internal policy reasons
|
|
124
155
|
# reference: https://stackoverflow.com/a/49102229
|
|
125
|
-
|
|
156
|
+
try:
|
|
157
|
+
# Use extraction filter to normalize paths for compatibility
|
|
158
|
+
# before trying the \\?\ prefix approach first
|
|
159
|
+
prev_filter = getattr(tar, "extraction_filter", None)
|
|
160
|
+
tar.extraction_filter = create_combined_filter(prev_filter)
|
|
161
|
+
tar.extractall(
|
|
162
|
+
f"\\\\?\\{temporary_directory}",
|
|
163
|
+
members=yield_safe_members(tar.getmembers()),
|
|
164
|
+
)
|
|
165
|
+
except Exception:
|
|
166
|
+
# Fallback for Python versions with tarfile security fix
|
|
167
|
+
logger.warning(
|
|
168
|
+
"Failed to extract model archive with long path support. "
|
|
169
|
+
"Falling back to regular extraction."
|
|
170
|
+
)
|
|
171
|
+
tar.extractall(
|
|
172
|
+
temporary_directory,
|
|
173
|
+
members=yield_safe_members(tar.getmembers()),
|
|
174
|
+
)
|
|
126
175
|
else:
|
|
127
|
-
tar.extractall(
|
|
176
|
+
tar.extractall(
|
|
177
|
+
temporary_directory, members=yield_safe_members(tar.getmembers())
|
|
178
|
+
)
|
|
128
179
|
LocalModelStorage._assert_not_rasa2_archive(temporary_directory)
|
|
129
180
|
|
|
130
181
|
@staticmethod
|
|
@@ -244,3 +295,32 @@ class LocalModelStorage(ModelStorage):
|
|
|
244
295
|
core_target=model_configuration.core_target,
|
|
245
296
|
nlu_target=model_configuration.nlu_target,
|
|
246
297
|
)
|
|
298
|
+
|
|
299
|
+
|
|
300
|
+
def yield_safe_members(
|
|
301
|
+
members: List[tarfile.TarInfo],
|
|
302
|
+
) -> Generator[tarfile.TarInfo, None, None]:
|
|
303
|
+
"""
|
|
304
|
+
Filter function for tar.extractall members parameter.
|
|
305
|
+
Validates each member and yields only safe ones.
|
|
306
|
+
|
|
307
|
+
Args:
|
|
308
|
+
members: Iterator of TarInfo objects from tar.getmembers()
|
|
309
|
+
|
|
310
|
+
Yields:
|
|
311
|
+
TarInfo: Safe members to extract
|
|
312
|
+
"""
|
|
313
|
+
for member in members:
|
|
314
|
+
# Skip absolute paths
|
|
315
|
+
if Path(member.name).is_absolute():
|
|
316
|
+
continue
|
|
317
|
+
|
|
318
|
+
# Skip paths with directory traversal sequences
|
|
319
|
+
if ".." in member.name or "\\.." in member.name:
|
|
320
|
+
continue
|
|
321
|
+
|
|
322
|
+
# Skip special file types unless you need them
|
|
323
|
+
if member.isdev() or member.issym():
|
|
324
|
+
continue
|
|
325
|
+
|
|
326
|
+
yield member
|
rasa/version.py
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: rasa-pro
|
|
3
|
-
Version: 3.12.
|
|
3
|
+
Version: 3.12.32
|
|
4
4
|
Summary: State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development.
|
|
5
5
|
Keywords: nlp,machine-learning,machine-learning-library,bot,bots,botkit,rasa conversational-agents,conversational-ai,chatbot,chatbot-framework,bot-framework
|
|
6
6
|
Author: Rasa Technologies GmbH
|
|
@@ -103,7 +103,7 @@ Requires-Dist: randomname (>=0.2.1,<0.3.0)
|
|
|
103
103
|
Requires-Dist: rasa-sdk (==3.12.0)
|
|
104
104
|
Requires-Dist: redis (>=4.6.0,<6.0)
|
|
105
105
|
Requires-Dist: regex (>=2024.7.24,<2024.8.0)
|
|
106
|
-
Requires-Dist: requests (>=2.32.
|
|
106
|
+
Requires-Dist: requests (>=2.32.5,<2.33.0)
|
|
107
107
|
Requires-Dist: rich (>=13.4.2,<14.0.0)
|
|
108
108
|
Requires-Dist: rocketchat_API (>=1.32.0,<1.33.0)
|
|
109
109
|
Requires-Dist: ruamel.yaml (>=0.17.21,<0.17.22)
|
|
@@ -118,7 +118,7 @@ Requires-Dist: sentencepiece[sentencepiece] (>=0.1.99,<0.2.0) ; extra == "transf
|
|
|
118
118
|
Requires-Dist: sentry-sdk (>=2.8.0,<3)
|
|
119
119
|
Requires-Dist: setuptools (>=78.1.1,<78.2.0)
|
|
120
120
|
Requires-Dist: sklearn-crfsuite (>=0.3.6,<0.4.0)
|
|
121
|
-
Requires-Dist: skops (>=0.
|
|
121
|
+
Requires-Dist: skops (>=0.13.0,<0.14.0)
|
|
122
122
|
Requires-Dist: slack-sdk (>=3.27.1,<3.28.0)
|
|
123
123
|
Requires-Dist: spacy (>=3.5.4,<4.0.0) ; extra == "spacy" or extra == "full"
|
|
124
124
|
Requires-Dist: structlog (>=23.1.0,<23.2.0)
|
|
@@ -503,7 +503,7 @@ rasa/engine/runner/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuF
|
|
|
503
503
|
rasa/engine/runner/dask.py,sha256=ocmpRpDpRPMaisZcBFDeUPbWGl6oWiU9UXyWimE9074,9476
|
|
504
504
|
rasa/engine/runner/interface.py,sha256=zkaKe5vjiYrR7Efepr7LVZRJEGNDM959rkdR62vEgTM,1679
|
|
505
505
|
rasa/engine/storage/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
506
|
-
rasa/engine/storage/local_model_storage.py,sha256=
|
|
506
|
+
rasa/engine/storage/local_model_storage.py,sha256=kVkINXxwJVcRQmOCyD8K7N01ATZtOqKrFpA7kb6z7oI,12473
|
|
507
507
|
rasa/engine/storage/resource.py,sha256=sUCBNSIrjEr68wCj7D48hzmIih7ezmT88esMhyykA88,3932
|
|
508
508
|
rasa/engine/storage/storage.py,sha256=mNLptsu9cOXWu8k55CnjZMByv6eqh2rEOqXC9__k8aE,6930
|
|
509
509
|
rasa/engine/training/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -822,9 +822,9 @@ rasa/utils/train_utils.py,sha256=ClJx-6x3-h3Vt6mskacgkcCUJTMXjFPe3zAcy_DfmaU,212
|
|
|
822
822
|
rasa/utils/url_tools.py,sha256=dZ1HGkVdWTJB7zYEdwoDIrEuyX9HE5WsxKKFVsXBLE0,1218
|
|
823
823
|
rasa/utils/yaml.py,sha256=KjbZq5C94ZP7Jdsw8bYYF7HASI6K4-C_kdHfrnPLpSI,2000
|
|
824
824
|
rasa/validator.py,sha256=524VlFTYK0B3iXYveVD6BDC3K0j1QfpzJ9O-TAWczmc,83166
|
|
825
|
-
rasa/version.py,sha256=
|
|
826
|
-
rasa_pro-3.12.
|
|
827
|
-
rasa_pro-3.12.
|
|
828
|
-
rasa_pro-3.12.
|
|
829
|
-
rasa_pro-3.12.
|
|
830
|
-
rasa_pro-3.12.
|
|
825
|
+
rasa/version.py,sha256=0jQ2Z9MlEZq5LE0RbR_32-V_zhhpiBjIXu7kqb57q5o,118
|
|
826
|
+
rasa_pro-3.12.32.dist-info/METADATA,sha256=I4-ePtMb2yxAT-TkIqxVoCL2NUPCsSVo-f4sflNjIzo,10609
|
|
827
|
+
rasa_pro-3.12.32.dist-info/NOTICE,sha256=7HlBoMHJY9CL2GlYSfTQ-PZsVmLmVkYmMiPlTjhuCqA,218
|
|
828
|
+
rasa_pro-3.12.32.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
|
|
829
|
+
rasa_pro-3.12.32.dist-info/entry_points.txt,sha256=ckJ2SfEyTPgBqj_I6vm_tqY9dZF_LAPJZA335Xp0Q9U,43
|
|
830
|
+
rasa_pro-3.12.32.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|