From 59e0c3f7d2b03a2c868d3d769244db762e3ed8a3 Mon Sep 17 00:00:00 2001
From: Artsiom Korzun
Date: Tue, 14 Jan 2025 10:50:32 +0100
Subject: [PATCH] improve session id validation

---
 .../service/codeinterpreter/CodeInterpreterService.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/server/src/main/java/com/epam/aidial/core/server/service/codeinterpreter/CodeInterpreterService.java b/server/src/main/java/com/epam/aidial/core/server/service/codeinterpreter/CodeInterpreterService.java
index 562b316d..ee161c1c 100644
--- a/server/src/main/java/com/epam/aidial/core/server/service/codeinterpreter/CodeInterpreterService.java
+++ b/server/src/main/java/com/epam/aidial/core/server/service/codeinterpreter/CodeInterpreterService.java
@@ -321,8 +321,14 @@ private ResourceDescriptor sessionResource(ProxyContext context, String sessionI
 ? ("user/" + sessionId)
 : ("app/" + bucket.getAppBucket() + "/" + sessionId);

- return ResourceDescriptorFactory.fromEncoded(ResourceTypes.CODE_INTERPRETER_SESSION,
+ ResourceDescriptor resource = ResourceDescriptorFactory.fromEncoded(ResourceTypes.CODE_INTERPRETER_SESSION,
 bucket.getUserBucket(), bucket.getUserBucketLocation(), path);
+
+ if (resource.isFolder()) {
+ throw new IllegalArgumentException("Invalid resource");
+ }
+
+ return resource;
 } catch (Throwable e) {
 throw new IllegalArgumentException("Invalid sessionId: " + sessionId);
 }
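Review bot: The new `resource.isFolder()` check rejects only one shape of bad input, while `sessionId` is still concatenated into `path` unvalidated, so an id containing `/` would presumably still resolve to a nested resource rather than a single session entry (what `fromEncoded` decodes or rejects is not visible here). Consider validating the id itself before the path is built, e.g. `if (sessionId == null || sessionId.isBlank() || sessionId.contains("/")) { throw new IllegalArgumentException("Invalid sessionId"); }`, or matching it against the exact format the service issues. Separately, the `"Invalid resource"` exception is thrown inside the `try`, so the `catch (Throwable e)` below replaces it with `"Invalid sessionId: " + sessionId` and drops the cause, and the new message never reaches a caller. That catch also echoes the caller-supplied id back in the exception text, which is worth neutralising if the message ends up in logs or in a response. The body of `sessionResource` starts outside the hunk, so any earlier checks on `sessionId` are not visible.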