From c9a5adc06668f9663a586908d94aba1990936df8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= <raphael@vinot.info>
Date: Fri, 5 Aug 2022 15:45:46 +0200
Subject: [PATCH] fix: Avoid invalid URL chars in filename

---
 lookyloo/lookyloo.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lookyloo/lookyloo.py b/lookyloo/lookyloo.py
index 1e992639..bb5bcf4e 100644
--- a/lookyloo/lookyloo.py
+++ b/lookyloo/lookyloo.py
@@ -24,6 +24,7 @@ from PIL import Image, UnidentifiedImageError
 from pymisp import MISPAttribute, MISPEvent, MISPObject
 from redis import ConnectionPool, Redis
 from redis.connection import UnixDomainSocketConnection
+from werkzeug.utils import secure_filename
 
 from .capturecache import CaptureCache, CapturesIndex
 from .context import Context
@@ -400,6 +401,9 @@ class Lookyloo():
             elif isinstance(value, (list, dict)):
                 query[key] = json.dumps(value)
 
+        if 'document_name' in query:
+            query['document_name'] = secure_filename(query['document_name'])
+
         # dirty deduplicate
         hash_query = hashlib.sha512(pickle.dumps(query)).hexdigest()
         # FIXME The line below should work, but it doesn't