Fix some security vulnerabilities. (#2160)

### What problem does this PR solve? Fix some security vulnerabilities ### Type of change - [x] Performance Improvement --------- Co-authored-by: Zhedong Cen <cenzhedong2@126.com>
2025-08-12 06:38:59 +08:00 · 2024-08-29 16:21:32 +08:00 · 2024-08-29 16:21:32 +08:00 · 12975cf128
commit 12975cf128
parent 99993e5026
3 changed files with 9 additions and 9 deletions
--- a/api/apps/llm_app.py
+++ b/api/apps/llm_app.py
@ -22,7 +22,7 @@ from api.db.db_models import TenantLLM
 from api.utils.api_utils import get_json_result
 from rag.llm import EmbeddingModel, ChatModel, RerankModel, CvModel, TTSModel
 import requests
-import ast
+

@manager.route('/factories', methods=['GET'])
@login_required
--- a/rag/llm/chat_model.py
+++ b/rag/llm/chat_model.py
@ -457,8 +457,8 @@ class VolcEngineChat(Base):
        model_name is for display only
        """
        base_url = base_url if base_url else 'https://ark.cn-beijing.volces.com/api/v3'
-        ark_api_key = eval(key).get('ark_api_key', '')
-        model_name = eval(key).get('ep_id', '')
+        ark_api_key = json.loads(key).get('ark_api_key', '')
+        model_name = json.loads(key).get('ep_id', '')
        super().__init__(ark_api_key, model_name, base_url)


@ -602,9 +602,9 @@ class BedrockChat(Base):

    def __init__(self, key, model_name, **kwargs):
        import boto3
-        self.bedrock_ak = eval(key).get('bedrock_ak', '')
-        self.bedrock_sk = eval(key).get('bedrock_sk', '')
-        self.bedrock_region = eval(key).get('bedrock_region', '')
+        self.bedrock_ak = json.loads(key).get('bedrock_ak', '')
+        self.bedrock_sk = json.loads(key).get('bedrock_sk', '')
+        self.bedrock_region = json.loads(key).get('bedrock_region', '')
        self.model_name = model_name
        self.client = boto3.client(service_name='bedrock-runtime', region_name=self.bedrock_region,
                                   aws_access_key_id=self.bedrock_ak, aws_secret_access_key=self.bedrock_sk)
--- a/rag/llm/embedding_model.py
+++ b/rag/llm/embedding_model.py
@ -403,9 +403,9 @@ class BedrockEmbed(Base):
    def __init__(self, key, model_name,
                 **kwargs):
        import boto3
-        self.bedrock_ak = eval(key).get('bedrock_ak', '')
-        self.bedrock_sk = eval(key).get('bedrock_sk', '')
-        self.bedrock_region = eval(key).get('bedrock_region', '')
+        self.bedrock_ak = json.loads(key).get('bedrock_ak', '')
+        self.bedrock_sk = json.loads(key).get('bedrock_sk', '')
+        self.bedrock_region = json.loads(key).get('bedrock_region', '')
        self.model_name = model_name
        self.client = boto3.client(service_name='bedrock-runtime', region_name=self.bedrock_region,
                                   aws_access_key_id=self.bedrock_ak, aws_secret_access_key=self.bedrock_sk)