rasa-pro 3.12.31__py3-none-any.whl → 3.12.32__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rasa-pro might be problematic. Click here for more details.

Files changed (7) hide show
  1. rasa/engine/storage/local_model_storage.py +41 -4
  2. rasa/version.py +1 -1
  3. {rasa_pro-3.12.31.dist-info → rasa_pro-3.12.32.dist-info}/METADATA +3 -3
  4. {rasa_pro-3.12.31.dist-info → rasa_pro-3.12.32.dist-info}/RECORD +7 -7
  5. {rasa_pro-3.12.31.dist-info → rasa_pro-3.12.32.dist-info}/NOTICE +0 -0
  6. {rasa_pro-3.12.31.dist-info → rasa_pro-3.12.32.dist-info}/WHEEL +0 -0
  7. {rasa_pro-3.12.31.dist-info → rasa_pro-3.12.32.dist-info}/entry_points.txt +0 -0
rasa/engine/storage/local_model_storage.py CHANGED
@@ -10,7 +10,7 @@ import uuid
10
10
  from contextlib import contextmanager
11
11
  from datetime import datetime
12
12
  from pathlib import Path
13
- from typing import Callable, Generator, Optional, Text, Tuple, Union
13
+ from typing import Callable, Generator, List, Optional, Text, Tuple, Union
14
14
 
15
15
  from tarsafe import TarSafe
16
16
 
@@ -158,16 +158,24 @@ class LocalModelStorage(ModelStorage):
158
158
  # before trying the \\?\ prefix approach first
159
159
  prev_filter = getattr(tar, "extraction_filter", None)
160
160
  tar.extraction_filter = create_combined_filter(prev_filter)
161
- tar.extractall(f"\\\\?\\{temporary_directory}")
161
+ tar.extractall(
162
+ f"\\\\?\\{temporary_directory}",
163
+ members=yield_safe_members(tar.getmembers()),
164
+ )
162
165
  except Exception:
163
166
  # Fallback for Python versions with tarfile security fix
164
167
  logger.warning(
165
168
  "Failed to extract model archive with long path support. "
166
169
  "Falling back to regular extraction."
167
170
  )
168
- tar.extractall(temporary_directory)
171
+ tar.extractall(
172
+ temporary_directory,
173
+ members=yield_safe_members(tar.getmembers()),
174
+ )
169
175
  else:
170
- tar.extractall(temporary_directory)
176
+ tar.extractall(
177
+ temporary_directory, members=yield_safe_members(tar.getmembers())
178
+ )
171
179
  LocalModelStorage._assert_not_rasa2_archive(temporary_directory)
172
180
 
173
181
  @staticmethod
@@ -287,3 +295,32 @@ class LocalModelStorage(ModelStorage):
287
295
  core_target=model_configuration.core_target,
288
296
  nlu_target=model_configuration.nlu_target,
289
297
  )
298
+
299
+
300
+ def yield_safe_members(
301
+ members: List[tarfile.TarInfo],
302
+ ) -> Generator[tarfile.TarInfo, None, None]:
303
+ """
304
+ Filter function for tar.extractall members parameter.
305
+ Validates each member and yields only safe ones.
306
+
307
+ Args:
308
+ members: Iterator of TarInfo objects from tar.getmembers()
309
+
310
+ Yields:
311
+ TarInfo: Safe members to extract
312
+ """
313
+ for member in members:
314
+ # Skip absolute paths
315
+ if Path(member.name).is_absolute():
316
+ continue
317
+
318
+ # Skip paths with directory traversal sequences
319
+ if ".." in member.name or "\\.." in member.name:
320
+ continue
321
+
322
+ # Skip special file types unless you need them
323
+ if member.isdev() or member.issym():
324
+ continue
325
+
326
+ yield member
rasa/version.py CHANGED
@@ -1,3 +1,3 @@
1
1
  # this file will automatically be changed,
2
2
  # do not add anything but the version number here!
3
- __version__ = "3.12.31"
3
+ __version__ = "3.12.32"
{rasa_pro-3.12.31.dist-info → rasa_pro-3.12.32.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.3
2
2
  Name: rasa-pro
3
- Version: 3.12.31
3
+ Version: 3.12.32
4
4
  Summary: State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development.
5
5
  Keywords: nlp,machine-learning,machine-learning-library,bot,bots,botkit,rasa conversational-agents,conversational-ai,chatbot,chatbot-framework,bot-framework
6
6
  Author: Rasa Technologies GmbH
@@ -103,7 +103,7 @@ Requires-Dist: randomname (>=0.2.1,<0.3.0)
103
103
  Requires-Dist: rasa-sdk (==3.12.0)
104
104
  Requires-Dist: redis (>=4.6.0,<6.0)
105
105
  Requires-Dist: regex (>=2024.7.24,<2024.8.0)
106
- Requires-Dist: requests (>=2.32.3,<2.33.0)
106
+ Requires-Dist: requests (>=2.32.5,<2.33.0)
107
107
  Requires-Dist: rich (>=13.4.2,<14.0.0)
108
108
  Requires-Dist: rocketchat_API (>=1.32.0,<1.33.0)
109
109
  Requires-Dist: ruamel.yaml (>=0.17.21,<0.17.22)
@@ -118,7 +118,7 @@ Requires-Dist: sentencepiece[sentencepiece] (>=0.1.99,<0.2.0) ; extra == "transf
118
118
  Requires-Dist: sentry-sdk (>=2.8.0,<3)
119
119
  Requires-Dist: setuptools (>=78.1.1,<78.2.0)
120
120
  Requires-Dist: sklearn-crfsuite (>=0.3.6,<0.4.0)
121
- Requires-Dist: skops (>=0.10.0,<0.11.0)
121
+ Requires-Dist: skops (>=0.13.0,<0.14.0)
122
122
  Requires-Dist: slack-sdk (>=3.27.1,<3.28.0)
123
123
  Requires-Dist: spacy (>=3.5.4,<4.0.0) ; extra == "spacy" or extra == "full"
124
124
  Requires-Dist: structlog (>=23.1.0,<23.2.0)
{rasa_pro-3.12.31.dist-info → rasa_pro-3.12.32.dist-info}/RECORD RENAMED
@@ -503,7 +503,7 @@ rasa/engine/runner/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuF
503
503
  rasa/engine/runner/dask.py,sha256=ocmpRpDpRPMaisZcBFDeUPbWGl6oWiU9UXyWimE9074,9476
504
504
  rasa/engine/runner/interface.py,sha256=zkaKe5vjiYrR7Efepr7LVZRJEGNDM959rkdR62vEgTM,1679
505
505
  rasa/engine/storage/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
506
- rasa/engine/storage/local_model_storage.py,sha256=Y2VKg04I63WgIL9XeLhJs7SkQMRqUziKyTj9QnhTWZ8,11382
506
+ rasa/engine/storage/local_model_storage.py,sha256=kVkINXxwJVcRQmOCyD8K7N01ATZtOqKrFpA7kb6z7oI,12473
507
507
  rasa/engine/storage/resource.py,sha256=sUCBNSIrjEr68wCj7D48hzmIih7ezmT88esMhyykA88,3932
508
508
  rasa/engine/storage/storage.py,sha256=mNLptsu9cOXWu8k55CnjZMByv6eqh2rEOqXC9__k8aE,6930
509
509
  rasa/engine/training/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -822,9 +822,9 @@ rasa/utils/train_utils.py,sha256=ClJx-6x3-h3Vt6mskacgkcCUJTMXjFPe3zAcy_DfmaU,212
822
822
  rasa/utils/url_tools.py,sha256=dZ1HGkVdWTJB7zYEdwoDIrEuyX9HE5WsxKKFVsXBLE0,1218
823
823
  rasa/utils/yaml.py,sha256=KjbZq5C94ZP7Jdsw8bYYF7HASI6K4-C_kdHfrnPLpSI,2000
824
824
  rasa/validator.py,sha256=524VlFTYK0B3iXYveVD6BDC3K0j1QfpzJ9O-TAWczmc,83166
825
- rasa/version.py,sha256=2Z_MhUOhckb-Tlm2UuPGZdu3Albffu_Js1q85XaCmXo,118
826
- rasa_pro-3.12.31.dist-info/METADATA,sha256=0IoqbSS8YRmiKFl7qocrUXcFHfoa0NBRd5yfArRgzmc,10609
827
- rasa_pro-3.12.31.dist-info/NOTICE,sha256=7HlBoMHJY9CL2GlYSfTQ-PZsVmLmVkYmMiPlTjhuCqA,218
828
- rasa_pro-3.12.31.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
829
- rasa_pro-3.12.31.dist-info/entry_points.txt,sha256=ckJ2SfEyTPgBqj_I6vm_tqY9dZF_LAPJZA335Xp0Q9U,43
830
- rasa_pro-3.12.31.dist-info/RECORD,,
825
+ rasa/version.py,sha256=0jQ2Z9MlEZq5LE0RbR_32-V_zhhpiBjIXu7kqb57q5o,118
826
+ rasa_pro-3.12.32.dist-info/METADATA,sha256=I4-ePtMb2yxAT-TkIqxVoCL2NUPCsSVo-f4sflNjIzo,10609
827
+ rasa_pro-3.12.32.dist-info/NOTICE,sha256=7HlBoMHJY9CL2GlYSfTQ-PZsVmLmVkYmMiPlTjhuCqA,218
828
+ rasa_pro-3.12.32.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
829
+ rasa_pro-3.12.32.dist-info/entry_points.txt,sha256=ckJ2SfEyTPgBqj_I6vm_tqY9dZF_LAPJZA335Xp0Q9U,43
830
+ rasa_pro-3.12.32.dist-info/RECORD,,