From 07a10247db4d49f45d261e706ac0e68f48bb7c45 Mon Sep 17 00:00:00 2001
From: Ishaan Jaff
Date: Sat, 20 Apr 2024 12:10:08 -0700
Subject: [PATCH] fix - security fix
---
 litellm/proxy/proxy_server.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/litellm/proxy/proxy_server.py b/litellm/proxy/proxy_server.py
index 5ede7979d..1aab7bac2 100644
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@@ -4166,8 +4166,13 @@ async def audio_transcriptions(
 file.filename is not None
 ) # make sure filename passed in (needed for type)
 
+ _original_filename = file.filename
+ file_extension = os.path.splitext(file.filename)[1]
 # rename the file to a random hash file name -> we eventuall remove the file and don't want to remove any local files
- file.filename = f"tmp-request" + str(uuid.uuid4())
+ file.filename = f"tmp-request" + str(uuid.uuid4()) + file_extension
+
+ # IMP - Asserts that we've renamed the uploaded file, since we run os.remove(file.filename), we should rename the original file
+ assert file.filename != _original_filename
 
 with open(file.filename, "wb+") as f:
 f.write(await file.read())
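Review bot: The added guard `assert file.filename != _original_filename` is the only check in front of the `os.remove(file.filename)` its comment refers to, and `assert` statements are stripped when Python runs with `-O`, so it should be an explicit check such as `if file.filename == _original_filename: raise ValueError("uploaded file was not renamed")`, or whatever error type the handler normally raises. The check is also close to vacuous, because a name built from `uuid.uuid4()` will practically never equal the client's name. `file_extension` is still derived from the client-supplied filename; `os.path.splitext` keeps the platform's path separators out of it, but its length and characters are otherwise unchecked, so comparing it against the audio extensions the endpoint supports before building the name would be tighter. The file is still opened by a relative name and so lands in the process working directory; writing it through `tempfile.NamedTemporaryFile(suffix=file_extension, delete=False)` would keep uploads out of that directory, though the cleanup code lies outside this hunk and would need the same change.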