AI/dify
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/langgenius/dify.git synced 2025-08-12 12:09:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore(api): enhance ruff rules to disallow dangerous functions and modules (#16461)

Browse Source
This commit is contained in:
QuantumGhost 2025-03-21 17:49:35 +08:00 committed by GitHub
parent ac910ed200
commit 383af7bf76
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api/.ruff.toml
View File

@ -37,6 +37,12 @@ select = [
"UP", # pyupgrade rules "UP", # pyupgrade rules
"W191", # tab-indentation "W191", # tab-indentation
"W605", # invalid-escape-sequence "W605", # invalid-escape-sequence
# security related linting rules
# RCE proctection (sort of)
"S102", # exec-builtin, disallow use of `exec`
"S307", # suspicious-eval-usage, disallow use of `eval` and `ast.literal_eval`
"S301", # suspicious-pickle-usage, disallow use of `pickle` and its wrappers.
"S302", # suspicious-marshal-usage, disallow use of `marshal` module
] ]
ignore = [ ignore = [

2
api/models/dataset.py
View File

@ -910,7 +910,7 @@ class Embedding(db.Model): # type: ignore[name-defined]
self.embedding = pickle.dumps(embedding_data, protocol=pickle.HIGHEST_PROTOCOL) self.embedding = pickle.dumps(embedding_data, protocol=pickle.HIGHEST_PROTOCOL)
def get_embedding(self) -> list[float]: def get_embedding(self) -> list[float]:
return cast(list[float], pickle.loads(self.embedding)) return cast(list[float], pickle.loads(self.embedding)) # noqa: S301
class DatasetCollectionBinding(db.Model): # type: ignore[name-defined] class DatasetCollectionBinding(db.Model): # type: ignore[name-defined]