From c69b7fc9415ac33095d8aae8af41ebfe8f8a005e Mon Sep 17 00:00:00 2001
From: pablonyx
Date: Thu, 12 Dec 2024 15:41:35 -0800
Subject: [PATCH] Prevent SSRF risk (#3453)
* update con
* k
---
 backend/danswer/connectors/web/connector.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/backend/danswer/connectors/web/connector.py b/backend/danswer/connectors/web/connector.py
index 9e406b716..3fdb5e2aa 100644
--- a/backend/danswer/connectors/web/connector.py
+++ b/backend/danswer/connectors/web/connector.py
@@ -33,6 +33,7 @@ from danswer.file_processing.extract_file_text import read_pdf_file
 from danswer.file_processing.html_utils import web_html_cleanup
 from danswer.utils.logger import setup_logger
 from danswer.utils.sitemap import list_pages_for_site
+from shared_configs.configs import MULTI_TENANT
 logger = setup_logger()
@@ -241,6 +242,12 @@ class WebConnector(LoadConnector):
 self.to_visit_list = extract_urls_from_sitemap(_ensure_valid_url(base_url))
 elif web_connector_type == WEB_CONNECTOR_VALID_SETTINGS.UPLOAD:
+ # Explicitly check if running in multi-tenant mode to prevent potential security risks
+ if MULTI_TENANT:
+ raise ValueError(
+ "Upload input for web connector is not supported in cloud environments"
+ )
+
 logger.warning(
 "This is not a UI supported Web Connector flow, "
 "are you sure you want to do this?"
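Review bot: The new `if MULTI_TENANT:` guard in the second hunk closes only the UPLOAD branch, while the sitemap branch directly above it still hands `base_url` to `_ensure_valid_url` and then fetches it. That helper is not shown here, so whether it rejects loopback, link-local and private-range hosts should be confirmed before the commit title's claim is taken to cover every connector type in multi-tenant mode. The guard is also keyed on a deployment flag rather than on the input, so single-tenant installs keep the UPLOAD path with only the existing `logger.warning` in front of it. The added comment should name the risk instead of "potential security risks", for example `# UPLOAD is not a UI-supported flow; reject it when tenants share this backend (SSRF, see #3453)`. The enclosing branch and the rest of the method continue outside the hunk.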