highperfocused/danswer
1
0
Fork 0
mirror of https://github.com/danswer-ai/danswer.git synced 2025-09-20 13:05:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent SSRF risk

Browse Source
This commit is contained in:
pablodanswer
2024-12-28 15:25:12 -05:00
parent 2d960a477f
commit f4050306d6
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
backend/onyx/connectors/web/connector.py
View File

@@ -33,6 +33,7 @@ from onyx.file_processing.extract_file_text import read_pdf_file
from onyx.file_processing.html_utils import web_html_cleanup from onyx.file_processing.html_utils import web_html_cleanup
from onyx.utils.logger import setup_logger from onyx.utils.logger import setup_logger
from onyx.utils.sitemap import list_pages_for_site from onyx.utils.sitemap import list_pages_for_site
from shared_configs.configs import MULTI_TENANT
logger = setup_logger() logger = setup_logger()
@@ -241,6 +242,12 @@ class WebConnector(LoadConnector):
self.to_visit_list = extract_urls_from_sitemap(_ensure_valid_url(base_url)) self.to_visit_list = extract_urls_from_sitemap(_ensure_valid_url(base_url))
elif web_connector_type == WEB_CONNECTOR_VALID_SETTINGS.UPLOAD: elif web_connector_type == WEB_CONNECTOR_VALID_SETTINGS.UPLOAD:
# Explicitly check if running in multi-tenant mode to prevent potential security risks
if MULTI_TENANT:
raise ValueError(
"Upload input for web connector is not supported in cloud environments"
)
logger.warning( logger.warning(
"This is not a UI supported Web Connector flow, " "This is not a UI supported Web Connector flow, "
"are you sure you want to do this?" "are you sure you want to do this?"