AI/ragflow
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/infiniflow/ragflow.git synced 2025-04-22 06:00:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix code injection (#1868)

Browse Source 
### What problem does this PR solve?

fix code injection in https://github.com/infiniflow/ragflow/issues/1860,
developers can have a check to see if the fix works as expected.

### Type of change

Vulnerability Fix
This commit is contained in:
Tong Liu 2024-08-08 13:44:55 +08:00 committed by GitHub
parent ce587cba56
commit f43db8bc51
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/apps/llm_app.py
View File

@ -22,6 +22,7 @@ from api.db.db_models import TenantLLM
from api.utils.api_utils import get_json_result from api.utils.api_utils import get_json_result
from rag.llm import EmbeddingModel, ChatModel, RerankModel,CvModel from rag.llm import EmbeddingModel, ChatModel, RerankModel,CvModel
import requests import requests
import ast
@manager.route('/factories', methods=['GET']) @manager.route('/factories', methods=['GET'])
@login_required @login_required
@ -113,7 +114,7 @@ def add_llm():
if factory == "VolcEngine": if factory == "VolcEngine":
# For VolcEngine, due to its special authentication method # For VolcEngine, due to its special authentication method
# Assemble volc_ak, volc_sk, endpoint_id into api_key # Assemble volc_ak, volc_sk, endpoint_id into api_key
temp = list(eval(req["llm_name"]).items())[0] temp = list(ast.literal_eval(req["llm_name"]).items())[0]
llm_name = temp[0] llm_name = temp[0]
endpoint_id = temp[1] endpoint_id = temp[1]
api_key = '{' + f'"volc_ak": "{req.get("volc_ak", "")}", ' \ api_key = '{' + f'"volc_ak": "{req.get("volc_ak", "")}", ' \