From 537866fb35622c006910ff618e1e00781516e372 Mon Sep 17 00:00:00 2001
From: shyun020 <127273427+shyun020@users.noreply.github.com>
Date: Thu, 27 Mar 2025 13:37:19 +0900
Subject: [PATCH 1/2] Update devika.py

---
 devika.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/devika.py b/devika.py
index 961b792a..9e0b2dd5 100644
--- a/devika.py
+++ b/devika.py
@@ -207,3 +207,5 @@ def status():
 if __name__ == "__main__":
     logger.info("Devika is up and running!")
     socketio.run(app, debug=False, port=1337, host="0.0.0.0")
+
+123

From 704ff34682dde8109e7520d5ffe7be9a6db3c093 Mon Sep 17 00:00:00 2001
From: shyun020 <127273427+shyun020@users.noreply.github.com>
Date: Thu, 27 Mar 2025 14:02:18 +0900
Subject: [PATCH 2/2] Update devika.py

---
 devika.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/devika.py b/devika.py
index 9e0b2dd5..1785c91a 100644
--- a/devika.py
+++ b/devika.py
@@ -9,6 +9,7 @@
 
 
 from flask import Flask, request, jsonify, send_file
+from werkzeug.utils import secure_filename
 from flask_cors import CORS
 from src.socket_instance import socketio, emit_agent
 import os
@@ -123,7 +124,7 @@ def get_agent_state():
 @app.route("/api/get-browser-snapshot", methods=["GET"])
 @route_logger(logger)
 def browser_snapshot():
-    snapshot_path = request.args.get("snapshot_path")
+    snapshot_path = secure_filename(request.args.get("snapshot_path"))
     return send_file(snapshot_path, as_attachment=True)
 
 
@@ -207,5 +208,3 @@ def status():
 if __name__ == "__main__":
     logger.info("Devika is up and running!")
     socketio.run(app, debug=False, port=1337, host="0.0.0.0")
-
-123