ngskcloud
/
gcgj-dify-1.7.0
17
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(api): enhance ruff rules to disallow dangerous functions and modules (#16461)

Browse Source
pull/16479/head
QuantumGhost 1 year ago committed by GitHub
parent ac910ed200
commit 383af7bf76
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File

6
api/.ruff.toml
Unescape Escape View File

@ -37,6 +37,12 @@ select = [
"UP", # pyupgrade rules "UP", # pyupgrade rules
"W191", # tab-indentation "W191", # tab-indentation
"W605", # invalid-escape-sequence "W605", # invalid-escape-sequence
# security related linting rules
# RCE proctection (sort of)
"S102", # exec-builtin, disallow use of `exec`
"S307", # suspicious-eval-usage, disallow use of `eval` and `ast.literal_eval`
"S301", # suspicious-pickle-usage, disallow use of `pickle` and its wrappers.
"S302", # suspicious-marshal-usage, disallow use of `marshal` module
] ]
ignore = [ ignore = [

2
api/models/dataset.py
Unescape Escape View File

@ -910,7 +910,7 @@ class Embedding(db.Model): # type: ignore[name-defined]
self.embedding = pickle.dumps(embedding_data, protocol=pickle.HIGHEST_PROTOCOL) self.embedding = pickle.dumps(embedding_data, protocol=pickle.HIGHEST_PROTOCOL)
def get_embedding(self) -> list[float]: def get_embedding(self) -> list[float]:
return cast(list[float], pickle.loads(self.embedding)) return cast(list[float], pickle.loads(self.embedding)) # noqa: S301
class DatasetCollectionBinding(db.Model): # type: ignore[name-defined] class DatasetCollectionBinding(db.Model): # type: ignore[name-defined]

Write Preview
Loading…
Cancel
Save