ragflow

mirror of https://github.com/infiniflow/ragflow.git synced 2026-06-29 15:31:05 +08:00

Author	SHA1	Message	Date
Zhichang Yu	195bfffb5e	fix(security): address 93 CodeQL code-scanning alerts across 61 files (#16407 ) ## Summary Resolves all 93 open alerts at https://github.com/infiniflow/ragflow/security/code-scanning by rule: \| Rule \| Count \| Treatment \| \|------\|-------\|-----------\| \| py/clear-text-logging-sensitive-data \| 23 \| Real fix — log scrubbing \| \| go/path-injection \| 15 \| Real fix where possible, suppression with rationale \| \| go/request-forgery \| 8 \| Suppression with rationale (operator-controlled URLs) \| \| go/clear-text-logging \| 10 \| Real fix — log scrubbing \| \| go/unsafe-quoting \| 5 \| Real fix — escape or refactor \| \| go/sql-injection \| 3 \| Real fix — orderby whitelist + CodeQL comment \| \| go/uncontrolled-allocation-size \| 2 \| Real fix — cap to 1024 \| \| go/incorrect-integer-conversion \| 3 \| Real fix — ParseInt + range check \| \| go/insecure-hostkeycallback \| 1 \| Real fix — known_hosts file \| \| go/disabled-certificate-check \| 2 \| Suppression with rationale \| \| go/command-injection \| 1 \| Suppression (sanitized via shq()) \| \| go/email-injection \| 1 \| Suppression with rationale \| \| go/cookie-httponly-not-set \| 1 \| Suppression (SPA bootstrap) \| \| js/stack-trace-exposure \| 1 \| Real fix — generic client message \| \| js/prototype-pollution-utility \| 1 \| Real fix — reject __proto__/constructor/prototype \| \| py/weak-sensitive-data-hashing \| 1 \| Real fix — MD5 → SHA-256 \| \| py/incomplete-url-substring-sanitization \| 3 \| Real fix — urlparse(hostname) \| \| py/paramiko-missing-host-key-validation \| 1 \| Real fix — load_system_host_keys + RejectPolicy \| \| cpp/integer-multiplication-cast-to-long \| 2 \| Real fix — cast to size_t \| ## Real fixes (with measurable security improvement) SSH host key verification (Go + Python) Replace `InsecureIgnoreHostKey()` / `paramiko.AutoAddPolicy()` with proper host key verification against a known_hosts file (configurable via `SSH_KNOWN_HOSTS` env / `known_hosts` config field; fail-closed when unset). Loads `~/.ssh/known_hosts` first via `load_system_host_keys()` so existing setups keep working. SQL injection in `user_canvas` Add `userCanvasOrderableColumns` whitelist + `userCanvasOrderClause` helper. Both `GetList()` and `ListByTenantIDs()` now route the user-supplied `orderby` query param through the helper, defaulting to `create_time` on miss. SQL injection in `pipeline_operation_log` Existing whitelist documented via CodeQL comment. Real SQL injection in `infinity/chunk.go:931` Escape `'` → `''` on user-controlled `questionText` before splicing into `filter_fulltext(...)` SQL filter. Real SQL injection in `elasticsearch/sql.go:75` Defense-in-depth escape on tokenizer output before splicing into `MATCH(...)`. Python code injection in `result_protocol.go` Replace raw JSON literal embedding into Python/JS expressions with base64 + `json.loads` / `JSON.parse(Buffer.from(..., 'base64').toString('utf8'))`. Eliminates both the unsafe-quoting sink and the brittleness of mixing JSON true/false/null with Python syntax. URL substring check bypass in `embedding_model.py` Replace `if "dashscope-intl.aliyuncs.com" in u` with `urlparse(u).hostname == "dashscope-intl.aliyuncs.com"` so a base_url like `https://attacker.example/?u=dashscope-intl.aliyuncs.com` cannot bypass the routing. Prototype pollution in `setNestedValue` (TS) Reject `__proto__`/`constructor`/`prototype` keys before any assignment. Integer overflow - scrypt params via `ParseInt` + non-positive check (`internal/common/password.go`) - `topN` and `n` caps to 1024 (retrieval_service.go, dataset.go) - `nallocstatesize` cast to `size_t` (cpp/re2/onepass.cc) Cookie httponly* Set explicitly with rationale: this is the OAuth bootstrap cookie intentionally read by the SPA. Stack trace exposure Replace `error.message` in HTTP 500 response with generic `"internal error"`; full error still logged server-side via `console.error`. Weak hashing MD5 → SHA-256 for deterministic `conv_id` derivation (`conversation_service.py`). Log scrubbing Remove or redact user-controlled / sensitive content from clear-text logs across 8 ingestion parsers, `llm_service.py` ×11, `tenant_llm_service.py` ×7, `misc_utils.py` ×4, `redis_conn.py` ×10, `conftest.py` ×4, `init_data.py`, `dataset_api_service.py`, `generator.py`, `mysql_migration.py`, `cli.go`, `user_command.go`, `pdf_parser.go`. Most patterns converted to parameterized logging (`logging.info("...: %d", n)`) or static messages. ## CodeQL suppressions (each with rationale) For alerts where the data flow is genuinely safe but CodeQL can't see the context — operator-controlled URLs, sanitized inputs, etc. — I added `// codeql[go/<rule>] <rationale>` annotations rather than dismissing them, so future readers can audit the rationale inline: - `internal/agent/component/invoke.go:135` — Invoke is a generic canvas HTTP client - `internal/service/langfuse.go` ×2 — host is per-tenant operator config - `internal/service/file.go:1184` — already SSRF-guarded by `assertURLSafe` - `internal/utility/mcp_client.go` ×3 — already `AssertURLSafe` + IP-pinned - `internal/entity/models/bedrock.go` — sigv4-signed request, URL can't be tampered - `internal/service/deep_researcher.go:269` — `callback` is SSE display string, not SQL - `internal/engine/infinity/chunk.go:346` — UUIDs can't contain `'` (RFC 4122) - `internal/cli/common_command.go` ×2 — CLI trusts operator-configured URL - `internal/utility/smtp.go:194` — msg is server-built, not user form input - `internal/entity/models/*` ×14 (path-injection) — audio file paths are caller-supplied ## Test plan - ✅ All 13 modified Go packages build cleanly - ✅ 663 tests pass across `internal/agent/sandbox`, `internal/common`, `internal/agent/component`, `internal/engine/infinity`, `internal/dao` - ✅ All 11 modified Python files parse via `ast.parse` - ✅ TypeScript `tsc --noEmit` clean on the modified `use-provider-fields.tsx` - ✅ `node --check` clean on the modified JS file 🤖 Generated with [Claude Code](https://claude.com/claude-code)	2026-06-29 09:45:16 +08:00
Jin Hai	e3cb86d540	Go: parse HTML file (#16018 ) ### What problem does this PR solve? ``` RAGFlow(api/default)> parse file 'test.html'; Parsing HTML file: test.html <html> ...... ``` Signed-off-by: Jin Hai <haijin.chn@gmail.com>	2026-06-15 15:49:17 +08:00
Jin Hai	2846216674	Go: add Markdown parser (#16016 ) ### What problem does this PR solve? ``` RAGFlow(api/default)> parse file 'README.md'; Parsing Markdown file: README.md --- AST tree: HTMLBlock '<div align="center">\n<a href="https:…' ``` ### Type of change - [x] New Feature (non-breaking change which adds functionality) Signed-off-by: Jin Hai <haijin.chn@gmail.com>	2026-06-15 15:07:29 +08:00
Jin Hai	e89afbae21	Go: file parser config (#15989 ) ### What problem does this PR solve? Add parser config ### Type of change - [x] New Feature (non-breaking change which adds functionality) Signed-off-by: Jin Hai <haijin.chn@gmail.com>	2026-06-13 19:40:43 +08:00
Jin Hai	d32e05d560	Go: add more file parser (#15979 ) ### What problem does this PR solve? Now we can parse 'pptx', 'ppt', 'doc', 'xls', 'xlsx' ``` RAGFlow(api/default)> parse file 'test.pptx'; Parsing PPTX file: test.pptx Document format: pptx ``` ### Type of change - [x] New Feature (non-breaking change which adds functionality) Signed-off-by: Jin Hai <haijin.chn@gmail.com>	2026-06-12 23:28:14 +08:00
Jin Hai	234f1b7cff	Go: add office_oxide and parse docx file. (#15976 ) ### What problem does this PR solve? As title. ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Signed-off-by: Jin Hai <haijin.chn@gmail.com>	2026-06-12 20:28:15 +08:00
Jin Hai	115b730d07	Go: parse ingestion DSL (#15938 ) PR #15938 ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Signed-off-by: Jin Hai <haijin.chn@gmail.com>	2026-06-12 17:58:36 +08:00
Jin Hai	e96bc37d06	Go: use NATS as the message queue (#15327 ) ### What problem does this PR solve? ``` RAGFlow(admin)> mq publish 'msg2'; SUCCESS RAGFlow(admin)> mq publish 'msg3'; SUCCESS RAGFlow(admin)> mq list; +---------+---------------+ \| message \| subject \| +---------+---------------+ \| msg1 \| tasks.RAGFLOW \| \| msg2 \| tasks.RAGFLOW \| \| msg3 \| tasks.RAGFLOW \| +---------+---------------+ RAGFlow(admin)> mq pull 2; +---------+---------------+ \| message \| subject \| +---------+---------------+ \| msg1 \| tasks.RAGFLOW \| \| msg2 \| tasks.RAGFLOW \| +---------+---------------+ RAGFlow(admin)> mq pull noack; +---------+---------------+ \| message \| subject \| +---------+---------------+ \| abc \| tasks.RAGFLOW \| +---------+---------------+ RAGFlow(admin)> mq show +-------------------+----------------+--------+---------------+---------------+-------------------+---------------+ \| ack_pending_count \| consumer_count \| memory \| message_count \| pending_count \| redelivered_count \| waiting_count \| +-------------------+----------------+--------+---------------+---------------+-------------------+---------------+ \| 2 \| 1 \| 0 \| 2 \| 0 \| 1 \| 0 \| +-------------------+----------------+--------+---------------+---------------+-------------------+---------------+ RAGFlow(admin)> list ingestors; +--------------+-------------------------------------------+--------+ \| host \| name \| status \| +--------------+-------------------------------------------+--------+ \| 192.168.1.38 \| ingestor-8f0e4bd5650a4ac58b0151969fbf6935 \| alive \| +--------------+-------------------------------------------+--------+ RAGFlow(admin)> list ingestion tasks; +----------------------------------+----------------------------------+-----------+------+-------------+----------------------------------+ \| document_id \| id \| status \| step \| user \| user_id \| +----------------------------------+----------------------------------+-----------+------+-------------+----------------------------------+ \| ffe64fae423411f1a2d938a74640adcc \| 90d3d0f6528941c1ac8eb0360effccc4 \| COMPLETED \| 5 \| aaa@aaa.com \| 2ba4881420fa11f19e9c38a74640adcc \| +----------------------------------+----------------------------------+-----------+------+-------------+----------------------------------+ RAGFlow(admin)> remove ingestion tasks '90d3d0f6528941c1ac8eb0360effccc4'; +---------+----------------------------------+ \| delete \| task_id \| +---------+----------------------------------+ \| success \| 90d3d0f6528941c1ac8eb0360effccc4 \| +---------+----------------------------------+ RAGFlow(admin)> stop ingestion tasks 'e89e20d9a25848a1b79bd9345ddbfe1d'; +----------+----------------------------------+ \| status \| task_id \| +----------+----------------------------------+ \| STOPPING \| e89e20d9a25848a1b79bd9345ddbfe1d \| +----------+----------------------------------+ # Publish a message RAGFlow(admin)> mq publish 'cdd'; SUCCESS # List current tasks in the message queue RAGFlow(admin)> mq list +----------------------------------+---------------+ \| message \| subject \| +----------------------------------+---------------+ \| 7ce392a3c1624cd2be4b5276e8825059 \| tasks.RAGFLOW \| +----------------------------------+---------------+ # Consume a task from the message queue RAGFlow(admin)> mq pull +------+-----+----------------+ \| ack \| id \| type \| +------+-----+----------------+ \| true \| cdd \| ingestion_test \| +------+-----+----------------+ # User mode # List ingestion tasks, followed by dataset id RAGFlow(user)> list ingestion tasks from '0abe79f9423311f1ad8d38a74640adcc'; +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ \| create_date \| create_time \| dataset_id \| document_id \| id \| schema \| status \| update_date \| update_time \| user_id \| +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ \| 2026-05-30T20:21:06+08:00 \| 1780143666289 \| 0abe79f9423311f1ad8d38a74640adcc \| ffe64fae423411f1a2d938a74640adcc \| 8d758cd14a8b4ba8ab505003fb52017d \| \| COMPLETED \| 2026-05-30T20:21:26+08:00 \| 1780143686431 \| 2ba4881420fa11f19e9c38a74640adcc \| +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ RAGFlow(user)> list ingestion tasks; +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ \| create_date \| create_time \| dataset_id \| document_id \| id \| schema \| status \| update_date \| update_time \| user_id \| +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ \| 2026-06-02T19:02:31+08:00 \| 1780398151417 \| 0abe79f9423311f1ad8d38a74640adcc \| ffe64fae423411f1a2d938a74640adcc \| e89e20d9a25848a1b79bd9345ddbfe1d \| \| COMPLETED \| 2026-06-02T19:02:52+08:00 \| 1780398172208 \| 2ba4881420fa11f19e9c38a74640adcc \| +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ # Create an ingestion task # First argument is document id, second argument is dataset id RAGFlow(user)> start ingestion 'ffe64fae423411f1a2d938a74640adcc' from '0abe79f9423311f1ad8d38a74640adcc'; +----------------------------------+-------------------------------------------+ \| document_id \| result \| +----------------------------------+-------------------------------------------+ \| ffe64fae423411f1a2d938a74640adcc \| task_id: 8d758cd14a8b4ba8ab505003fb52017d \| +----------------------------------+-------------------------------------------+ # Pause an ingestion task, first argument is ingestion id RAGFlow(user)> stop ingestion '8d758cd14a8b4ba8ab505003fb52017d'; +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ \| create_date \| create_time \| dataset_id \| document_id \| id \| schema \| status \| update_date \| update_time \| user_id \| +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ \| 2026-05-30T20:21:06+08:00 \| 1780143666289 \| 0abe79f9423311f1ad8d38a74640adcc \| ffe64fae423411f1a2d938a74640adcc \| 8d758cd14a8b4ba8ab505003fb52017d \| \| COMPLETED \| 2026-05-30T20:21:26+08:00 \| 1780143686431 \| 2ba4881420fa11f19e9c38a74640adcc \| +---------------------------+---------------+----------------------------------+----------------------------------+----------------------------------+--------+-----------+---------------------------+---------------+----------------------------------+ # Delete an ingestion task RAGFlow(api/default)> remove ingestion tasks 'f366450a27d54677aec1c7090add30f0'; +---------+----------------------------------+ \| remove \| task_id \| +---------+----------------------------------+ \| success \| f366450a27d54677aec1c7090add30f0 \| +---------+----------------------------------+ ``` ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Signed-off-by: Jin Hai <haijin.chn@gmail.com>	2026-06-12 14:56:44 +08:00
Jin Hai	f8c626bbc8	Go: add ingestion server (#15094 ) ### What problem does this PR solve? 1. Go ingestion server will connected with admin server with gRPC stream 2. Go ingestion server will be responsible for ingestion tasks ``` RAGFlow(admin)> list ingestors; +-----------------+-----------+----------------------------------+---------------------------+----------+------------+--------------+--------+------------+---------------+ \| address \| cpu_usage \| id \| last_heartbeat \| name \| process_id \| rss_usage \| status \| task_count \| vms_usage \| +-----------------+-----------+----------------------------------+---------------------------+----------+------------+--------------+--------+------------+---------------+ \| 127.0.0.1:58564 \| 0 \| bdd1870eea2646e0aacb8a2cd3307aa2 \| 2026-05-24T18:16:17+08:00 \| ingestor \| 680152 \| 212.72265625 \| active \| 0 \| 2589.12109375 \| +-----------------+-----------+----------------------------------+---------------------------+----------+------------+--------------+--------+------------+---------------+ RAGFlow(admin)> start ingestion 'abc'; +----------------------------------+ \| task_id \| +----------------------------------+ \| e714777639ca4760ab427b5f211e81ad \| +----------------------------------+ RAGFlow(admin)> stop ingestion 'f7bd39d0a724457eb5fdce6d81699776'; +----------------------------------+ \| task_id \| +----------------------------------+ \| f7bd39d0a724457eb5fdce6d81699776 \| +----------------------------------+ RAGFlow(admin)> list tasks; +-----+----------------------------------+-------+------+----------------------------------+---------------------------+------------+------------+ \| ETA \| assign_to \| error \| from \| id \| last_update \| start_time \| status \| +-----+----------------------------------+-------+------+----------------------------------+---------------------------+------------+------------+ \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| eae6431da72a40e796cff3a03008091b \| 2026-05-24T19:46:03+08:00 \| \| COMPLETED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| 6cccdd174bd049ecb05a774bbb47593f \| 2026-05-24T19:46:03+08:00 \| \| COMPLETED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| ef360d777e57485799adb96b30f2b4b8 \| 2026-05-24T19:46:03+08:00 \| \| CANCELED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| bcc5c5448cb64de48b6b6171c36fb790 \| 2026-05-24T19:46:03+08:00 \| \| CANCELED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| bfc25384c43a443294fe2da979a38ac2 \| 2026-05-24T19:46:03+08:00 \| \| DISPATCHED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| 84960537b85d413b8990a9efd5952d67 \| 2026-05-24T19:46:04+08:00 \| \| DISPATCHED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| 3d223c1b51e24b36861a3bfb2f1d58d4 \| 2026-05-24T19:46:03+08:00 \| \| CANCELED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| e433b0e356b846c89c301621a3c54494 \| 2026-05-24T19:46:03+08:00 \| \| COMPLETED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| 7c93a3880f074ebd8eca14e6b51bb7ef \| 2026-05-24T19:46:03+08:00 \| \| COMPLETED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| df2e4ef51aaf4390bff9a23f2692486e \| 2026-05-24T19:46:04+08:00 \| \| DISPATCHED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| 7377c53010194ef7a83aa206698d66ff \| 2026-05-24T19:46:05+08:00 \| \| DISPATCHED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| df64d1a1f9d348e3a2f174c4d7d69e73 \| 2026-05-24T19:46:05+08:00 \| \| DISPATCHED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| b59834512e2847e1bdf13ace04b8a456 \| 2026-05-24T19:46:06+08:00 \| \| DISPATCHED \| \| 0 \| 17937da188b84f23a5c10bb87588944b \| \| CLI \| 0064bb0ab69344028d1ecfda053826f4 \| 2026-05-24T19:46:03+08:00 \| \| QUEUED \| +-----+----------------------------------+-------+------+----------------------------------+---------------------------+------------+------------+ ``` ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Signed-off-by: Jin Hai <haijin.chn@gmail.com>	2026-05-25 14:00:08 +08:00

9 Commits