youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-04 17:38:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

security/SSRF vulns (#6682)

Browse Source
This commit is contained in:
Yeuoly
2024-07-25 20:50:26 +08:00
committed by GitHub
parent c5ac004f15
commit 79cb23e8ac
3 changed files with 13 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api/core/rag/extractor/extract_processor.py
View File

@ -4,9 +4,8 @@ from pathlib import Path
from typing import Union
from urllib.parse import unquote
import requests
from configs import dify_config
from core.helper import ssrf_proxy
from core.rag.extractor.csv_extractor import CSVExtractor
from core.rag.extractor.entity.datasource_type import DatasourceType
from core.rag.extractor.entity.extract_setting import ExtractSetting
@ -51,7 +50,7 @@ class ExtractProcessor:
@classmethod
def load_from_url(cls, url: str, return_text: bool = False) -> Union[list[Document], str]:
response = requests.get(url, headers={
response = ssrf_proxy.get(url, headers={
"User-Agent": USER_AGENT
})