fix code injection (infiniflow#1868)

### What problem does this PR solve? fix code injection in infiniflow#1860, developers can have a check to see if the fix works as expected. ### Type of change Vulnerability Fix
Halfknow · Aug 8, 2024 · 6171047 · 6171047
1 parent 26ebcb2
commit 6171047
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/api/apps/llm_app.py b/api/apps/llm_app.py
@@ -22,6 +22,7 @@
 from api.utils.api_utils import get_json_result
 from rag.llm import EmbeddingModel, ChatModel, RerankModel,CvModel
 import requests
+import ast
 
 @manager.route('/factories', methods=['GET'])
 @login_required
@@ -113,7 +114,7 @@ def add_llm():
     if factory == "VolcEngine":
         # For VolcEngine, due to its special authentication method
         # Assemble volc_ak, volc_sk, endpoint_id into api_key
-        temp = list(eval(req["llm_name"]).items())[0]
+        temp = list(ast.literal_eval(req["llm_name"]).items())[0]
         llm_name = temp[0]
         endpoint_id = temp[1]
         api_key = '{' + f'"volc_ak": "{req.get("volc_ak", "")}", ' \