Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Prevent SSRF risk (#3453)
Browse files Browse the repository at this point in the history
* update con

* k
pablonyx authored Dec 12, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 6722e88 commit a44434d
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions backend/danswer/connectors/web/connector.py
Original file line number Diff line number Diff line change
@@ -33,6 +33,7 @@
from danswer.file_processing.html_utils import web_html_cleanup
from danswer.utils.logger import setup_logger
from danswer.utils.sitemap import list_pages_for_site
from shared_configs.configs import MULTI_TENANT

logger = setup_logger()

@@ -241,6 +242,12 @@ def __init__(
self.to_visit_list = extract_urls_from_sitemap(_ensure_valid_url(base_url))

elif web_connector_type == WEB_CONNECTOR_VALID_SETTINGS.UPLOAD:
# Explicitly check if running in multi-tenant mode to prevent potential security risks
if MULTI_TENANT:
raise ValueError(
"Upload input for web connector is not supported in cloud environments"
)

logger.warning(
"This is not a UI supported Web Connector flow, "
"are you sure you want to do this?"

0 comments on commit a44434d

Please sign in to comment.