mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-07-17 21:27:23 +08:00
## Summary Resolves all 93 open alerts at https://github.com/infiniflow/ragflow/security/code-scanning by rule: | Rule | Count | Treatment | |------|-------|-----------| | py/clear-text-logging-sensitive-data | 23 | Real fix — log scrubbing | | go/path-injection | 15 | Real fix where possible, suppression with rationale | | go/request-forgery | 8 | Suppression with rationale (operator-controlled URLs) | | go/clear-text-logging | 10 | Real fix — log scrubbing | | go/unsafe-quoting | 5 | Real fix — escape or refactor | | go/sql-injection | 3 | Real fix — orderby whitelist + CodeQL comment | | go/uncontrolled-allocation-size | 2 | Real fix — cap to 1024 | | go/incorrect-integer-conversion | 3 | Real fix — ParseInt + range check | | go/insecure-hostkeycallback | 1 | Real fix — known_hosts file | | go/disabled-certificate-check | 2 | Suppression with rationale | | go/command-injection | 1 | Suppression (sanitized via shq()) | | go/email-injection | 1 | Suppression with rationale | | go/cookie-httponly-not-set | 1 | Suppression (SPA bootstrap) | | js/stack-trace-exposure | 1 | Real fix — generic client message | | js/prototype-pollution-utility | 1 | Real fix — reject __proto__/constructor/prototype | | py/weak-sensitive-data-hashing | 1 | Real fix — MD5 → SHA-256 | | py/incomplete-url-substring-sanitization | 3 | Real fix — urlparse(hostname) | | py/paramiko-missing-host-key-validation | 1 | Real fix — load_system_host_keys + RejectPolicy | | cpp/integer-multiplication-cast-to-long | 2 | Real fix — cast to size_t | ## Real fixes (with measurable security improvement) **SSH host key verification (Go + Python)** Replace `InsecureIgnoreHostKey()` / `paramiko.AutoAddPolicy()` with proper host key verification against a known_hosts file (configurable via `SSH_KNOWN_HOSTS` env / `known_hosts` config field; fail-closed when unset). Loads `~/.ssh/known_hosts` first via `load_system_host_keys()` so existing setups keep working. **SQL injection in `user_canvas`** Add `userCanvasOrderableColumns` whitelist + `userCanvasOrderClause` helper. Both `GetList()` and `ListByTenantIDs()` now route the user-supplied `orderby` query param through the helper, defaulting to `create_time` on miss. **SQL injection in `pipeline_operation_log`** Existing whitelist documented via CodeQL comment. **Real SQL injection in `infinity/chunk.go:931`** Escape `'` → `''` on user-controlled `questionText` before splicing into `filter_fulltext(...)` SQL filter. **Real SQL injection in `elasticsearch/sql.go:75`** Defense-in-depth escape on tokenizer output before splicing into `MATCH(...)`. **Python code injection in `result_protocol.go`** Replace raw JSON literal embedding into Python/JS expressions with base64 + `json.loads` / `JSON.parse(Buffer.from(..., 'base64').toString('utf8'))`. Eliminates both the unsafe-quoting sink and the brittleness of mixing JSON true/false/null with Python syntax. **URL substring check bypass in `embedding_model.py`** Replace `if "dashscope-intl.aliyuncs.com" in u` with `urlparse(u).hostname == "dashscope-intl.aliyuncs.com"` so a base_url like `https://attacker.example/?u=dashscope-intl.aliyuncs.com` cannot bypass the routing. **Prototype pollution in `setNestedValue` (TS)** Reject `__proto__`/`constructor`/`prototype` keys before any assignment. **Integer overflow** - scrypt params via `ParseInt` + non-positive check (`internal/common/password.go`) - `topN` and `n` caps to 1024 (retrieval_service.go, dataset.go) - `nalloc*statesize` cast to `size_t` (cpp/re2/onepass.cc) **Cookie httponly** Set explicitly with rationale: this is the OAuth bootstrap cookie intentionally read by the SPA. **Stack trace exposure** Replace `error.message` in HTTP 500 response with generic `"internal error"`; full error still logged server-side via `console.error`. **Weak hashing** MD5 → SHA-256 for deterministic `conv_id` derivation (`conversation_service.py`). **Log scrubbing** Remove or redact user-controlled / sensitive content from clear-text logs across 8 ingestion parsers, `llm_service.py` ×11, `tenant_llm_service.py` ×7, `misc_utils.py` ×4, `redis_conn.py` ×10, `conftest.py` ×4, `init_data.py`, `dataset_api_service.py`, `generator.py`, `mysql_migration.py`, `cli.go`, `user_command.go`, `pdf_parser.go`. Most patterns converted to parameterized logging (`logging.info("...: %d", n)`) or static messages. ## CodeQL suppressions (each with rationale) For alerts where the data flow is genuinely safe but CodeQL can't see the context — operator-controlled URLs, sanitized inputs, etc. — I added `// codeql[go/<rule>] <rationale>` annotations rather than dismissing them, so future readers can audit the rationale inline: - `internal/agent/component/invoke.go:135` — Invoke is a generic canvas HTTP client - `internal/service/langfuse.go` ×2 — host is per-tenant operator config - `internal/service/file.go:1184` — already SSRF-guarded by `assertURLSafe` - `internal/utility/mcp_client.go` ×3 — already `AssertURLSafe` + IP-pinned - `internal/entity/models/bedrock.go` — sigv4-signed request, URL can't be tampered - `internal/service/deep_researcher.go:269` — `callback` is SSE display string, not SQL - `internal/engine/infinity/chunk.go:346` — UUIDs can't contain `'` (RFC 4122) - `internal/cli/common_command.go` ×2 — CLI trusts operator-configured URL - `internal/utility/smtp.go:194` — msg is server-built, not user form input - `internal/entity/models/*` ×14 (path-injection) — audio file paths are caller-supplied ## Test plan - ✅ All 13 modified Go packages build cleanly - ✅ 663 tests pass across `internal/agent/sandbox`, `internal/common`, `internal/agent/component`, `internal/engine/infinity`, `internal/dao` - ✅ All 11 modified Python files parse via `ast.parse` - ✅ TypeScript `tsc --noEmit` clean on the modified `use-provider-fields.tsx` - ✅ `node --check` clean on the modified JS file 🤖 Generated with [Claude Code](https://claude.com/claude-code)
408 lines
17 KiB
Python
408 lines
17 KiB
Python
#
|
|
# Copyright 2024 The InfiniFlow Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
import hashlib
|
|
import time
|
|
import logging
|
|
from uuid import uuid4
|
|
from peewee import IntegrityError
|
|
from common.constants import StatusEnum
|
|
from api.db.db_models import Conversation, DB
|
|
from api.db.services.api_service import API4ConversationService
|
|
from api.db.services.common_service import CommonService
|
|
from api.db.services.dialog_service import DialogService, async_chat
|
|
from common.misc_utils import get_uuid
|
|
import json
|
|
|
|
from rag.prompts.generator import chunks_format
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
class ConversationService(CommonService):
|
|
model = Conversation
|
|
|
|
@classmethod
|
|
@DB.connection_context()
|
|
def get_list(cls, dialog_id, page_number, items_per_page, orderby, desc, id, name, user_id=None):
|
|
sessions = cls.model.select().where(cls.model.dialog_id == dialog_id)
|
|
if id:
|
|
sessions = sessions.where(cls.model.id == id)
|
|
if name:
|
|
sessions = sessions.where(cls.model.name == name)
|
|
if user_id:
|
|
sessions = sessions.where(cls.model.user_id == user_id)
|
|
if desc:
|
|
sessions = sessions.order_by(cls.model.getter_by(orderby).desc())
|
|
else:
|
|
sessions = sessions.order_by(cls.model.getter_by(orderby).asc())
|
|
|
|
if items_per_page > 0:
|
|
sessions = sessions.paginate(page_number, items_per_page)
|
|
|
|
return list(sessions.dicts())
|
|
|
|
@classmethod
|
|
@DB.connection_context()
|
|
def get_or_create_for_channel(cls, dialog_id, channel_id, chat_id, name=None):
|
|
"""Find or create the conversation backing one channel end-user chat.
|
|
|
|
A chat_channel is bound to a dialog; each end-user chat on that channel
|
|
keeps its own conversation history. The conversation is identified by a
|
|
deterministic id derived from (dialog_id, channel_id, chat_id) so
|
|
history persists across restarts without a back-reference column on the
|
|
conversation, while still separating histories when the channel is
|
|
re-bound to a different dialog.
|
|
"""
|
|
# Use SHA-256 instead of MD5: CodeQL flags MD5 as a weak
|
|
# sensitive-data hashing primitive. The hash here is only
|
|
# used to derive a deterministic conversation id (not for
|
|
# authentication), but switching to SHA-256 keeps the call
|
|
# site consistent with our hashing policy. Truncating to 32
|
|
# hex chars preserves the existing ID length/shape.
|
|
#
|
|
# We also keep the legacy MD5-derived id as a fallback lookup
|
|
# so existing rows created under the previous hashing scheme
|
|
# are still found on the first read after deploy — without
|
|
# that fallback the writer would create a duplicate
|
|
# conversation (splitting the channel's history).
|
|
sha256_id = hashlib.sha256(
|
|
f"{dialog_id}:{channel_id}:{chat_id}".encode("utf-8")
|
|
).hexdigest()[:32]
|
|
legacy_id = hashlib.md5(
|
|
f"{dialog_id}:{channel_id}:{chat_id}".encode("utf-8")
|
|
).hexdigest()[:32]
|
|
conv = cls.model.get_or_none(cls.model.id == sha256_id)
|
|
if conv is not None:
|
|
# SHA row already present. A previous call may have
|
|
# crashed between the SHA insert and the legacy delete,
|
|
# leaving the MD5 row stranded — clean it up here so
|
|
# dialog_id listings don't show the channel chat twice.
|
|
try:
|
|
cls.model.delete_by_id(legacy_id)
|
|
except cls.model.DoesNotExist:
|
|
pass
|
|
return conv
|
|
# Legacy hit: row was written under the old MD5 id. Migrate it
|
|
# forward: write a new row under the SHA-256 id (carrying over
|
|
# message/reference history) and then delete the legacy row so
|
|
# the listing paths (which select by dialog_id) don't show the
|
|
# same channel chat twice during the rollout window.
|
|
#
|
|
# The cls.save and delete happen under @DB.connection_context()
|
|
# at the class level; the migration is not transactional with
|
|
# the cls.save because the new id write needs to be visible to
|
|
# a competing caller before the legacy delete runs, otherwise a
|
|
# racing reader would briefly see no row at all. Concurrent
|
|
# duplicate inserts are caught via IntegrityError and collapsed
|
|
# to a re-read of the SHA-256 row (see below).
|
|
legacy = cls.model.get_or_none(cls.model.id == legacy_id)
|
|
if legacy is not None:
|
|
try:
|
|
cls.save(
|
|
id=sha256_id,
|
|
dialog_id=legacy.dialog_id,
|
|
name=legacy.name,
|
|
message=list(legacy.message or []),
|
|
reference=list(legacy.reference or []),
|
|
)
|
|
except IntegrityError:
|
|
# Another caller won the race and wrote the SHA-256
|
|
# row first. Re-read to return it. If the re-read
|
|
# still misses, this is a real constraint failure
|
|
# (e.g. schema mismatch) — re-raise rather than mask
|
|
# the error as a silent None.
|
|
#
|
|
# The race-winner may also have crashed between its
|
|
# SHA insert and its legacy delete; opportunistically
|
|
# clean that up here too (DoesNotExist is a no-op when
|
|
# the legacy row is already gone).
|
|
conv = cls.model.get_or_none(cls.model.id == sha256_id)
|
|
if conv is not None:
|
|
try:
|
|
cls.model.delete_by_id(legacy_id)
|
|
except cls.model.DoesNotExist:
|
|
pass
|
|
return conv
|
|
raise
|
|
else:
|
|
# Migration succeeded; remove the legacy row so it no
|
|
# longer appears in dialog_id listings. Skip if it was
|
|
# already deleted (e.g. by a concurrent migrator).
|
|
try:
|
|
cls.model.delete_by_id(legacy_id)
|
|
except cls.model.DoesNotExist:
|
|
pass
|
|
return cls.model.get_or_none(cls.model.id == sha256_id)
|
|
try:
|
|
cls.save(
|
|
id=sha256_id,
|
|
dialog_id=dialog_id,
|
|
name=name or f"channel:{channel_id}:{chat_id}",
|
|
message=[],
|
|
reference=[],
|
|
)
|
|
except IntegrityError:
|
|
# Concurrent caller already inserted the row; re-read.
|
|
# Same rule as above: a missing re-read means this is
|
|
# a real constraint failure, not a race — re-raise.
|
|
conv = cls.model.get_or_none(cls.model.id == sha256_id)
|
|
if conv is not None:
|
|
return conv
|
|
raise
|
|
return cls.model.get_or_none(cls.model.id == sha256_id)
|
|
|
|
@classmethod
|
|
@DB.connection_context()
|
|
def get_all_conversation_by_dialog_ids(cls, dialog_ids):
|
|
sessions = cls.model.select().where(cls.model.dialog_id.in_(dialog_ids))
|
|
sessions.order_by(cls.model.create_time.asc())
|
|
offset, limit = 0, 100
|
|
res = []
|
|
while True:
|
|
s_batch = sessions.offset(offset).limit(limit)
|
|
_temp = list(s_batch.dicts())
|
|
if not _temp:
|
|
break
|
|
res.extend(_temp)
|
|
offset += limit
|
|
return res
|
|
|
|
|
|
def structure_answer(conv, ans, message_id, session_id):
|
|
reference = ans["reference"]
|
|
if not isinstance(reference, dict):
|
|
reference = {}
|
|
ans["reference"] = {}
|
|
is_final = ans.get("final", True)
|
|
|
|
chunk_list = chunks_format(reference)
|
|
|
|
reference["chunks"] = chunk_list
|
|
ans["id"] = message_id
|
|
ans["session_id"] = session_id
|
|
|
|
if not conv:
|
|
return ans
|
|
|
|
if not conv.message:
|
|
conv.message = []
|
|
content = ans["answer"]
|
|
if ans.get("start_to_think"):
|
|
content = "<think>"
|
|
elif ans.get("end_to_think"):
|
|
content = "</think>"
|
|
|
|
if not conv.message or conv.message[-1].get("role", "") != "assistant":
|
|
conv.message.append({"role": "assistant", "content": content, "created_at": time.time(), "id": message_id})
|
|
else:
|
|
if is_final:
|
|
if ans.get("answer"):
|
|
conv.message[-1] = {"role": "assistant", "content": ans["answer"], "created_at": time.time(), "id": message_id}
|
|
else:
|
|
conv.message[-1]["created_at"] = time.time()
|
|
conv.message[-1]["id"] = message_id
|
|
else:
|
|
conv.message[-1]["content"] = (conv.message[-1].get("content") or "") + content
|
|
conv.message[-1]["created_at"] = time.time()
|
|
conv.message[-1]["id"] = message_id
|
|
if conv.reference:
|
|
should_update_reference = is_final or bool(reference.get("chunks")) or bool(reference.get("doc_aggs"))
|
|
if should_update_reference:
|
|
conv.reference[-1] = reference
|
|
return ans
|
|
|
|
|
|
async def async_completion(tenant_id, chat_id, question, name="New session", session_id=None, stream=True, **kwargs):
|
|
assert name, "`name` can not be empty."
|
|
dia = DialogService.query(id=chat_id, tenant_id=tenant_id, status=StatusEnum.VALID.value)
|
|
assert dia, "You do not own the chat."
|
|
|
|
if not session_id:
|
|
session_id = get_uuid()
|
|
conv = {
|
|
"id": session_id,
|
|
"dialog_id": chat_id,
|
|
"name": name,
|
|
"message": [{"role": "assistant", "content": dia[0].prompt_config.get("prologue"), "created_at": time.time()}],
|
|
"user_id": kwargs.get("user_id", "")
|
|
}
|
|
ConversationService.save(**conv)
|
|
if stream:
|
|
yield "data:" + json.dumps({"code": 0, "message": "",
|
|
"data": {
|
|
"answer": conv["message"][0]["content"],
|
|
"reference": {},
|
|
"audio_binary": None,
|
|
"id": None,
|
|
"session_id": session_id
|
|
}},
|
|
ensure_ascii=False) + "\n\n"
|
|
yield "data:" + json.dumps({"code": 0, "message": "", "data": True}, ensure_ascii=False) + "\n\n"
|
|
return
|
|
else:
|
|
answer = {
|
|
"answer": conv["message"][0]["content"],
|
|
"reference": {},
|
|
"audio_binary": None,
|
|
"id": None,
|
|
"session_id": session_id
|
|
}
|
|
yield answer
|
|
return
|
|
|
|
conv = ConversationService.query(id=session_id, dialog_id=chat_id)
|
|
if not conv:
|
|
raise LookupError("Session does not exist")
|
|
|
|
conv = conv[0]
|
|
msg = []
|
|
question = {
|
|
"content": question,
|
|
"role": "user",
|
|
"id": str(uuid4())
|
|
}
|
|
|
|
# Propagate runtime attachments so downstream chat flow can resolve file content.
|
|
if isinstance(kwargs.get("files"), list) and kwargs["files"]:
|
|
question["files"] = kwargs["files"]
|
|
|
|
conv.message.append(question)
|
|
for m in conv.message:
|
|
if m["role"] == "system":
|
|
continue
|
|
if m["role"] == "assistant" and not msg:
|
|
continue
|
|
msg.append(m)
|
|
message_id = msg[-1].get("id")
|
|
e, dia = DialogService.get_by_id(conv.dialog_id)
|
|
|
|
kb_ids = kwargs.get("kb_ids",[])
|
|
dia.kb_ids = list(set(dia.kb_ids + kb_ids))
|
|
if not conv.reference:
|
|
conv.reference = []
|
|
conv.message.append({"role": "assistant", "content": "", "id": message_id})
|
|
conv.reference.append({"chunks": [], "doc_aggs": []})
|
|
|
|
if stream:
|
|
try:
|
|
async for ans in async_chat(dia, msg, True, session_id=session_id, **kwargs):
|
|
ans = structure_answer(conv, ans, message_id, session_id)
|
|
yield "data:" + json.dumps({"code": 0, "data": ans}, ensure_ascii=False) + "\n\n"
|
|
ConversationService.update_by_id(conv.id, conv.to_dict())
|
|
except Exception as e:
|
|
yield "data:" + json.dumps({"code": 500, "message": str(e),
|
|
"data": {"answer": "**ERROR**: " + str(e), "reference": []}},
|
|
ensure_ascii=False) + "\n\n"
|
|
yield "data:" + json.dumps({"code": 0, "data": True}, ensure_ascii=False) + "\n\n"
|
|
|
|
else:
|
|
answer = None
|
|
async for ans in async_chat(dia, msg, False, session_id=session_id, **kwargs):
|
|
answer = structure_answer(conv, ans, message_id, session_id)
|
|
ConversationService.update_by_id(conv.id, conv.to_dict())
|
|
break
|
|
yield answer
|
|
|
|
async def async_iframe_completion(dialog_id, question, session_id=None, stream=True, tenant_id=None, **kwargs):
|
|
if tenant_id:
|
|
exists, dia = DialogService.get_by_id(dialog_id)
|
|
if (not exists
|
|
or getattr(dia, "tenant_id", None) != tenant_id
|
|
or str(getattr(dia, "status", "")) != StatusEnum.VALID.value):
|
|
logger.warning(
|
|
"Dialog lookup failed for tenant-scoped iframe completion: "
|
|
"tenant_id=%s dialog_id=%s required_status=%s",
|
|
tenant_id,
|
|
dialog_id,
|
|
StatusEnum.VALID.value,
|
|
)
|
|
raise AssertionError("Dialog not found")
|
|
else:
|
|
e, dia = DialogService.get_by_id(dialog_id)
|
|
assert e, "Dialog not found"
|
|
if not session_id:
|
|
session_id = get_uuid()
|
|
conv = {
|
|
"id": session_id,
|
|
"dialog_id": dialog_id,
|
|
"user_id": kwargs.get("user_id", ""),
|
|
"message": [{"role": "assistant", "content": dia.prompt_config["prologue"], "created_at": time.time()}]
|
|
}
|
|
API4ConversationService.save(**conv)
|
|
yield "data:" + json.dumps({"code": 0, "message": "",
|
|
"data": {
|
|
"answer": conv["message"][0]["content"],
|
|
"reference": {},
|
|
"audio_binary": None,
|
|
"id": None,
|
|
"session_id": session_id
|
|
}},
|
|
ensure_ascii=False) + "\n\n"
|
|
yield "data:" + json.dumps({"code": 0, "message": "", "data": True}, ensure_ascii=False) + "\n\n"
|
|
return
|
|
else:
|
|
session_id = session_id
|
|
e, conv = API4ConversationService.get_by_id(session_id)
|
|
assert e, "Session not found!"
|
|
assert conv.dialog_id == dialog_id, "Session does not belong to this dialog"
|
|
|
|
if not conv.message:
|
|
conv.message = []
|
|
messages = conv.message
|
|
question = {
|
|
"role": "user",
|
|
"content": question,
|
|
"id": str(uuid4())
|
|
}
|
|
messages.append(question)
|
|
|
|
msg = []
|
|
for m in messages:
|
|
if m["role"] == "system":
|
|
continue
|
|
if m["role"] == "assistant" and not msg:
|
|
continue
|
|
msg.append(m)
|
|
if not msg[-1].get("id"):
|
|
msg[-1]["id"] = get_uuid()
|
|
message_id = msg[-1]["id"]
|
|
|
|
if not conv.reference:
|
|
conv.reference = []
|
|
conv.reference.append({"chunks": [], "doc_aggs": []})
|
|
|
|
if stream:
|
|
try:
|
|
async for ans in async_chat(dia, msg, True, session_id=session_id, **kwargs):
|
|
ans = structure_answer(conv, ans, message_id, session_id)
|
|
yield "data:" + json.dumps({"code": 0, "message": "", "data": ans},
|
|
ensure_ascii=False) + "\n\n"
|
|
API4ConversationService.append_message(conv.id, conv.to_dict())
|
|
except Exception as e:
|
|
yield "data:" + json.dumps({"code": 500, "message": str(e),
|
|
"data": {"answer": "**ERROR**: " + str(e), "reference": []}},
|
|
ensure_ascii=False) + "\n\n"
|
|
yield "data:" + json.dumps({"code": 0, "message": "", "data": True}, ensure_ascii=False) + "\n\n"
|
|
|
|
else:
|
|
answer = None
|
|
async for ans in async_chat(dia, msg, False, session_id=session_id, **kwargs):
|
|
answer = structure_answer(conv, ans, message_id, session_id)
|
|
API4ConversationService.append_message(conv.id, conv.to_dict())
|
|
break
|
|
yield answer
|