youngkingdom/ragflow
1
0
Fork 0
mirror of https://github.com/infiniflow/ragflow.git synced 2026-03-05 23:57:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
394ff16b66a5b7df0a7e372c4e4abf6e074fe608
ragflow/api/utils
History
Phives 4ceb668d40 feat(api/utils): Harden file_utils for robustness and edge cases (#12915) 
## Summary
Improves robustness and edge-case handling in `api.utils.file_utils` to
avoid crashes, DoS/OOM risks, and timeouts when processing user-provided
filenames, paths, and file blobs.

## Changes

### Resource limits & timeouts
- **`MAX_BLOB_SIZE_THUMBNAIL`** (50 MiB) and **`MAX_BLOB_SIZE_PDF`**
(100 MiB) to reject oversized inputs before thumbnail/PDF processing.
- **`GHOSTSCRIPT_TIMEOUT_SEC`** (120 s) for
`repair_pdf_with_ghostscript` subprocess to avoid hangs on malicious or
broken PDFs.

### `filename_type`
- Handles `None`, empty string, non-string (e.g. int/list), and
path-only input via new **`_normalize_filename_for_type()`**.
- Uses basename for type detection (e.g. `a/b/c.pdf` → PDF).
- Enforces **`FILE_NAME_LEN_LIMIT`**; invalid input returns
`FileType.OTHER`.

### `thumbnail_img`
- Rejects `None`/empty/oversized blob and invalid filename; returns
`None` instead of raising.
- Wraps PDF, image, and PPT handling in try/except so corrupt or
malformed files return `None`.
- Ensures PDF has pages and PPT has slides before use.
- Normalizes PIL image mode (RGBA/P/LA → RGB) for safe PNG export.

### `repair_pdf_with_ghostscript`
- Handles `None`/empty input; skips repair when input size exceeds
limit.
- Uses `subprocess.run(..., timeout=GHOSTSCRIPT_TIMEOUT_SEC)` and
catches `TimeoutExpired`.
- Returns original bytes when Ghostscript output is empty.

### `read_potential_broken_pdf`
- `None` → `b""`; non–sequence-like (no `len`) → `b""`; empty → return
as-is.
- Oversized blob returned as-is (no repair) to avoid DoS.

### `sanitize_path`
- Explicit `None` and non-string check; strips whitespace before
normalizing.

## Testing
- **`test/unit_test/utils/test_api_file_utils.py`** added with 36 unit
tests covering the above behavior (filename_type, sanitize_path,
read_potential_broken_pdf, thumbnail_img, thumbnail,
repair_pdf_with_ghostscript, constants).
- All tests pass.

---------

Co-authored-by: Gittensor Miner <miner@gittensor.io>
2026-02-25 14:34:47 +08:00
..
__init__.py
Remove 'get_lan_ip' and add common misc_utils.py (#10880)
2025-10-31 16:42:01 +08:00
api_utils.py
Fix: 'None None' in log (#13192)
2026-02-24 19:15:20 +08:00
base64_image.py
Move base64_image related functions to common directory (#10957)
2025-11-03 15:20:46 +08:00
commands.py
Feat: Alter flask to Quart for async API serving. (#11275)
2025-11-18 17:05:16 +08:00
common.py
Feat: Hash doc id to avoid duplicate name. (#12573)
2026-01-15 14:02:15 +08:00
configs.py
Introduce common/config_utils.py (#10968)
2025-11-03 17:25:06 +08:00
crypt.py
Use RAGFlow CLI to replace RAGFlow Admin CLI (#12653)
2026-01-17 17:52:38 +08:00
email_templates.py
Feat: Add box connector (#11845)
2025-12-12 10:23:40 +08:00
file_utils.py
feat(api/utils): Harden file_utils for robustness and edge cases (#12915)
2026-02-25 14:34:47 +08:00
health_utils.py
fix(api): MinIO health check use dynamic scheme and verify (Closes #13159 and #13158) (#13197)
2026-02-25 09:47:12 +08:00
json_encode.py
Minor tweats (#11271)
2025-11-16 19:29:20 +08:00
log_utils.py
Refactor log utils (#10973)
2025-11-03 20:25:02 +08:00
memory_utils.py
Feat/memory (#11812)
2025-12-10 13:34:08 +08:00
validation_utils.py
Align p3 HTTP/SDK tests with current backend behavior (#12563)
2026-01-13 19:22:47 +08:00
web_utils.py
Fix: stored XSS via HTML File upload and inline Rendering in file get (#13202)
2026-02-25 09:46:48 +08:00