Prevent SSRF risk (#3453)

* update con * k
onyx-dot-app · Dec 12, 2024 · c69b7fc · c69b7fc
1 parent 6722e88
commit c69b7fc
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/backend/danswer/connectors/web/connector.py b/backend/danswer/connectors/web/connector.py
@@ -33,6 +33,7 @@
 from danswer.file_processing.html_utils import web_html_cleanup
 from danswer.utils.logger import setup_logger
 from danswer.utils.sitemap import list_pages_for_site
+from shared_configs.configs import MULTI_TENANT
 
 logger = setup_logger()
 
@@ -241,6 +242,12 @@ def __init__(
             self.to_visit_list = extract_urls_from_sitemap(_ensure_valid_url(base_url))
 
         elif web_connector_type == WEB_CONNECTOR_VALID_SETTINGS.UPLOAD:
+            # Explicitly check if running in multi-tenant mode to prevent potential security risks
+            if MULTI_TENANT:
+                raise ValueError(
+                    "Upload input for web connector is not supported in cloud environments"
+                )
+
             logger.warning(
                 "This is not a UI supported Web Connector flow, "
                 "are you sure you want to do this?"