Selaa lähdekoodia
fix code injection (#1868)
### What problem does this PR solve? fix code injection in https://github.com/infiniflow/ragflow/issues/1860, developers can have a check to see if the fix works as expected. ### Type of change Vulnerability Fixtags/v0.10.0
Tong Liu
1 vuosi sitten
1 muutettua tiedostoa jossa 2 lisäystä ja 1 poistoa
+ 2
- 1
api/apps/llm_app.py
Näytä tiedosto
| @@ -22,6 +22,7 @@ from api.db.db_models import TenantLLM | |||
| from api.utils.api_utils import get_json_result | |||
| from rag.llm import EmbeddingModel, ChatModel, RerankModel,CvModel | |||
| import requests | |||
| import ast | |||
| @manager.route('/factories', methods=['GET']) | |||
| @login_required | |||
| @@ -113,7 +114,7 @@ def add_llm(): | |||
| if factory == "VolcEngine": | |||
| # For VolcEngine, due to its special authentication method | |||
| # Assemble volc_ak, volc_sk, endpoint_id into api_key | |||
| temp = list(eval(req["llm_name"]).items())[0] | |||
| temp = list(ast.literal_eval(req["llm_name"]).items())[0] | |||
| llm_name = temp[0] | |||
| endpoint_id = temp[1] | |||
| api_key = '{' + f'"volc_ak": "{req.get("volc_ak", "")}", ' \ | |||
Loading…