Spaces:

retopara
/

ragflow

Build error

App Files Files Community

黄腾

aopstudio commited on Aug 29, 2024

Commit

7b1ec89

1 Parent(s): b6bfae8

Fix some security vulnerabilities. (#2160)

Browse files

### What problem does this PR solve?

Fix some security vulnerabilities

### Type of change

- [x] Performance Improvement

---------

Co-authored-by: Zhedong Cen <[email protected]>

Files changed (3) hide show

api/apps/llm_app.py +1 -1
rag/llm/chat_model.py +5 -5
rag/llm/embedding_model.py +3 -3

api/apps/llm_app.py CHANGED Viewed

@@ -22,7 +22,7 @@ from api.db.db_models import TenantLLM
 from api.utils.api_utils import get_json_result
 from rag.llm import EmbeddingModel, ChatModel, RerankModel, CvModel, TTSModel
 import requests
-import ast
 @manager.route('/factories', methods=['GET'])
 @login_required

 from api.utils.api_utils import get_json_result
 from rag.llm import EmbeddingModel, ChatModel, RerankModel, CvModel, TTSModel
 import requests
 @manager.route('/factories', methods=['GET'])
 @login_required

rag/llm/chat_model.py CHANGED Viewed

@@ -457,8 +457,8 @@ class VolcEngineChat(Base):
         model_name is for display only
         """
         base_url = base_url if base_url else 'https://ark.cn-beijing.volces.com/api/v3'
-        ark_api_key = eval(key).get('ark_api_key', '')
-        model_name = eval(key).get('ep_id', '')
         super().__init__(ark_api_key, model_name, base_url)
@@ -602,9 +602,9 @@ class BedrockChat(Base):
     def __init__(self, key, model_name, **kwargs):
         import boto3
-        self.bedrock_ak = eval(key).get('bedrock_ak', '')
-        self.bedrock_sk = eval(key).get('bedrock_sk', '')
-        self.bedrock_region = eval(key).get('bedrock_region', '')
         self.model_name = model_name
         self.client = boto3.client(service_name='bedrock-runtime', region_name=self.bedrock_region,
                                    aws_access_key_id=self.bedrock_ak, aws_secret_access_key=self.bedrock_sk)

         model_name is for display only
         """
         base_url = base_url if base_url else 'https://ark.cn-beijing.volces.com/api/v3'
+        ark_api_key = json.loads(key).get('ark_api_key', '')
+        model_name = json.loads(key).get('ep_id', '')
         super().__init__(ark_api_key, model_name, base_url)
     def __init__(self, key, model_name, **kwargs):
         import boto3
+        self.bedrock_ak = json.loads(key).get('bedrock_ak', '')
+        self.bedrock_sk = json.loads(key).get('bedrock_sk', '')
+        self.bedrock_region = json.loads(key).get('bedrock_region', '')
         self.model_name = model_name
         self.client = boto3.client(service_name='bedrock-runtime', region_name=self.bedrock_region,
                                    aws_access_key_id=self.bedrock_ak, aws_secret_access_key=self.bedrock_sk)

rag/llm/embedding_model.py CHANGED Viewed

@@ -403,9 +403,9 @@ class BedrockEmbed(Base):
     def __init__(self, key, model_name,
                  **kwargs):
         import boto3
-        self.bedrock_ak = eval(key).get('bedrock_ak', '')
-        self.bedrock_sk = eval(key).get('bedrock_sk', '')
-        self.bedrock_region = eval(key).get('bedrock_region', '')
         self.model_name = model_name
         self.client = boto3.client(service_name='bedrock-runtime', region_name=self.bedrock_region,
                                    aws_access_key_id=self.bedrock_ak, aws_secret_access_key=self.bedrock_sk)

     def __init__(self, key, model_name,
                  **kwargs):
         import boto3
+        self.bedrock_ak = json.loads(key).get('bedrock_ak', '')
+        self.bedrock_sk = json.loads(key).get('bedrock_sk', '')
+        self.bedrock_region = json.loads(key).get('bedrock_region', '')
         self.model_name = model_name
         self.client = boto3.client(service_name='bedrock-runtime', region_name=self.bedrock_region,
                                    aws_access_key_id=self.bedrock_ak, aws_secret_access_key=self.bedrock_sk)