mirror of
https://github.com/zhayujie/chatgpt-on-wechat.git
synced 2026-07-17 11:07:11 +08:00
fix(tools): make web SSRF protection opt-in, disabled by default
This commit is contained in:
@@ -25,12 +25,24 @@ if "requests" not in sys.modules:
|
||||
# =============================================================================
|
||||
|
||||
class TestVisionSSRFValidation(unittest.TestCase):
|
||||
"""Test that _validate_url_safe blocks internal/private URLs."""
|
||||
"""Test that _validate_url_safe blocks internal/private URLs.
|
||||
|
||||
SSRF protection is opt-in (disabled by default); enable it via env for
|
||||
the duration of these tests.
|
||||
"""
|
||||
|
||||
def setUp(self):
|
||||
self._prev_ssrf_env = os.environ.get("WEB_SECURITY_SSRF_PROTECTION")
|
||||
os.environ["WEB_SECURITY_SSRF_PROTECTION"] = "true"
|
||||
from agent.tools.vision.vision import Vision
|
||||
self.validate = Vision._validate_url_safe
|
||||
|
||||
def tearDown(self):
|
||||
if self._prev_ssrf_env is None:
|
||||
os.environ.pop("WEB_SECURITY_SSRF_PROTECTION", None)
|
||||
else:
|
||||
os.environ["WEB_SECURITY_SSRF_PROTECTION"] = self._prev_ssrf_env
|
||||
|
||||
def test_loopback_ipv4_blocked(self):
|
||||
"""127.0.0.1 must be rejected."""
|
||||
with self.assertRaises(ValueError) as ctx:
|
||||
|
||||
Reference in New Issue
Block a user