Fix indentation and add newline at end of file

Santhosh-p653 · web-flow · commit 5ab80530a7d9 · 2026-05-03T08:08:03.000+05:30
diff --git a/ml/main.py b/ml/main.py
@@ -24,6 +24,10 @@
 )
 
 UPLOADS_ROOT = Path("/app/uploads")
+ALLOWED_SUFFIXES = {".jpg", ".jpeg", ".png", ".mp4"}
+
+# Fix #4: ensure uploads directory exists at startup
+UPLOADS_ROOT.mkdir(parents=True, exist_ok=True)
 
 app = FastAPI()
 
@@ -48,20 +52,34 @@ def process(payload: dict):
         logger.warning("Missing minio_object in payload", extra={"status": "error"})
         return {"error": "minio_object is required"}
 
-    ext = Path(minio_object).suffix.lower() or ".jpg"
+    # Fix #1: only extract the suffix from user input — never use minio_object
+    # as a path component directly, preventing path traversal via object keys
+    ext = Path(minio_object).suffix.lower()
+    if ext not in ALLOWED_SUFFIXES:
+        logger.warning(
+            f"Rejected unsupported extension — {ext!r}",
+            extra={"status": "error"}
+        )
+        return {"error": "Unsupported file type"}
+
     filename = f"{uuid.uuid4()}{ext}"
-    tmp_path = str(UPLOADS_ROOT / filename)
+
+    # Fix #2: initialise tmp_path before try so finally block never hits NameError
+    # Fix #3: keep as Path throughout — only cast to str at call sites that need it
+    tmp_path: Path | None = None
 
     try:
+        tmp_path = UPLOADS_ROOT / filename
+
         logger.info(
             f"Downloading from MinIO — object={minio_object}",
             extra={"status": "called"}
         )
-        minio_client.fget_object(MINIO_BUCKET, minio_object, tmp_path)
+        minio_client.fget_object(MINIO_BUCKET, minio_object, str(tmp_path))
         logger.info("MinIO download complete", extra={"status": "success"})
 
         logger.info("Preprocessing invoked", extra={"status": "called"})
-        frames, preprocessing_signal = preprocess(tmp_path)
+        frames, preprocessing_signal = preprocess(str(tmp_path))
         logger.info(
             f"Preprocessing complete — quality={preprocessing_signal.score}",
             extra={"status": "success"}
@@ -81,8 +99,9 @@ def process(payload: dict):
         logger.exception("Unexpected error during processing", extra={"status": "error"})
         return {"error": "Internal processing error"}
     finally:
-        if os.path.exists(tmp_path):
-            os.unlink(tmp_path)
+        # Fix #2+3: tmp_path is a Path or None — .exists()/.unlink() are safe either way
+        if tmp_path is not None and tmp_path.exists():
+            tmp_path.unlink()
             logger.info("Temp file cleaned up", extra={"status": "success"})
 
     logger.info(
@@ -94,4 +113,5 @@ def process(payload: dict):
         "record_id": record_id,
         "preprocessing": preprocessing_signal.model_dump(),
         "detection": detection_signal.model_dump(),
-    }
+        }
+    
