ben
/
coze-studio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: CVE caused by h11 python lib (#449)

This commit is contained in:
N3ko 2025-08-04 16:37:24 +08:00 committed by GitHub
parent 3fe4031531
commit f78d297311
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 4 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
backend/Dockerfile
View File

@ -33,9 +33,8 @@ RUN apk add --no-cache --virtual .python-build-deps build-base py3-pip git && \
# Activate venv and install packages # Activate venv and install packages
. /app/.venv/bin/activate && \ . /app/.venv/bin/activate && \
# If you want to use other third-party libraries, you can install them here. # If you want to use other third-party libraries, you can install them here.
pip install git+https://gitcode.com/gh_mirrors/re/requests-async.git@master && \
pip install urllib3==1.26.16 && \ pip install urllib3==1.26.16 && \
pip install --no-cache-dir pillow==11.2.1 pdfplumber==0.11.7 python-docx==1.2.0 numpy==2.3.1 && \ pip install --no-cache-dir h11==0.16.0 httpx==0.28.1 pillow==11.2.1 pdfplumber==0.11.7 python-docx==1.2.0 numpy==2.3.1 && \
# Deactivate (optional, as RUN is a new shell) # Deactivate (optional, as RUN is a new shell)
# deactivate && \ # deactivate && \
# Remove build dependencies # Remove build dependencies

4
backend/domain/workflow/internal/nodes/code/code.go
View File

@ -108,8 +108,8 @@ var pythonBuiltinBlacklist = map[string]struct{}{
// If you want to use other third-party libraries, you can add them to this whitelist. // If you want to use other third-party libraries, you can add them to this whitelist.
// And you also need to install them in `/scripts/setup/python.sh` and `/backend/Dockerfile` via `pip install`. // And you also need to install them in `/scripts/setup/python.sh` and `/backend/Dockerfile` via `pip install`.
var pythonThirdPartyWhitelist = map[string]struct{}{ var pythonThirdPartyWhitelist = map[string]struct{}{
"requests_async": {}, "httpx": {},
"numpy": {}, "numpy": {},
} }
type Config struct { type Config struct {

19
scripts/setup/python.sh
View File

@ -29,24 +29,7 @@ source "$VENV_DIR/bin/activate"
pip install --upgrade pip pip install --upgrade pip
# If you want to use other third-party libraries, you can install them here. # If you want to use other third-party libraries, you can install them here.
pip install urllib3==1.26.16 pip install urllib3==1.26.16
pip install h11==0.16.0 httpx==0.28.1 pillow==11.2.1 pdfplumber==0.11.7 python-docx==1.2.0 numpy==2.3.1
REQUESTS_ASYNC_REPO_URL="https://gitcode.com/gh_mirrors/re/requests-async.git"
REQUESTS_ASYNC_DIR="$BIN_DIR/requests-async"
if [ ! -d "$REQUESTS_ASYNC_DIR/.git" ]; then
echo "Cloning requests-async repository..."
rm -rf "$REQUESTS_ASYNC_DIR"
git clone "$REQUESTS_ASYNC_REPO_URL" "$REQUESTS_ASYNC_DIR"
if [ $? -ne 0 ]; then
echo "Failed to clone requests-async repository - aborting startup"
deactivate
exit 1
fi
else
echo "requests-async repository already exists."
fi
pip install pillow==11.2.1 pdfplumber==0.11.7 python-docx==1.2.0 numpy==2.3.1 "$REQUESTS_ASYNC_DIR"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "Failed to install Python packages - aborting startup" echo "Failed to install Python packages - aborting startup"