From f4050306d61e782a2b81c18063e1d72ece234e61 Mon Sep 17 00:00:00 2001
From: pablodanswer
Date: Sat, 28 Dec 2024 15:25:12 -0500
Subject: [PATCH] Prevent SSRF risk
---
 backend/onyx/connectors/web/connector.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/backend/onyx/connectors/web/connector.py b/backend/onyx/connectors/web/connector.py
index 276ccdaf9af..f15632b1037 100644
--- a/backend/onyx/connectors/web/connector.py
+++ b/backend/onyx/connectors/web/connector.py
@@ -33,6 +33,7 @@
 from onyx.file_processing.html_utils import web_html_cleanup
 from onyx.utils.logger import setup_logger
 from onyx.utils.sitemap import list_pages_for_site
+from shared_configs.configs import MULTI_TENANT
 logger = setup_logger()
@@ -241,6 +242,12 @@ def __init__(
 self.to_visit_list = extract_urls_from_sitemap(_ensure_valid_url(base_url))
 elif web_connector_type == WEB_CONNECTOR_VALID_SETTINGS.UPLOAD:
+ # Explicitly check if running in multi-tenant mode to prevent potential security risks
+ if MULTI_TENANT:
+ raise ValueError(
+ "Upload input for web connector is not supported in cloud environments"
+ )
+
 logger.warning(
 "This is not a UI supported Web Connector flow, "
 "are you sure you want to do this?"
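Review bot: The guard added in the `UPLOAD` branch only fires when `MULTI_TENANT` is true, so a single-tenant deployment still continues to the existing `logger.warning` call with no other restriction visible here, and the new comment does not name the risk being closed. Since the commit subject names SSRF, I would say so in place, e.g. `# UPLOAD input is not a UI-supported flow; refuse it in multi-tenant mode so one tenant cannot steer the crawler at internal services (SSRF).` The error text says "cloud environments" while the condition tests multi-tenancy; if those two can differ, aligning the wording would help whoever hits the exception. The sitemap branch in the context lines depends on `_ensure_valid_url`, whose body is not shown, so it is worth confirming separately that it rejects loopback, private and link-local destinations. `__init__` starts and ends outside the hunk.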