fix(security): protect Docling Serve outbound requests#14033
Conversation
|
Important Review skippedAuto incremental reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
WalkthroughDocling remote task polling and concurrent file conversion now create HTTP clients through a shared SSRF-protected helper. Tests cover metadata URL blocking, public host IP pinning, headers, redirects, and explicitly allowlisted internal hosts. ChangesDocling SSRF protection
Estimated code review effort: 3 (Moderate) | ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 8 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (8 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
✅ Test Coverage AdvisorNo source changes detected without accompanying tests. Thanks for keeping coverage up! 🎉
|
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/bundles/docling/tests/test_docling_remote.py (1)
150-246: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winConsider adding a pinning/headers test for the
process_filescall site.The new pinning/headers/redirect assertions only exercise
_process_task_id.process_files(docling_remote.py Line 339) uses the same_create_http_clienthelper but isn't independently asserted for headers/pinning/follow_redirects, only for the blocking case. As per path instructions for**/test_*.py, ensure "the tests actually cover the new or changed behavior rather than acting as placeholders."🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/bundles/docling/tests/test_docling_remote.py` around lines 150 - 246, Add a dedicated process_files test that exercises the successful HTTP-client creation path, not only blocked URLs. Configure a public API URL and headers, stub hostname resolution and the relevant file-processing response, then assert the captured client uses preserved headers, follow_redirects=False, and an SSRFProtectedSyncTransport with the expected pinned IPs; keep the existing _process_task_id coverage unchanged.Source: Path instructions
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/bundles/docling/tests/test_docling_remote.py`:
- Line 5: Update the import in the test module to obtain Self from
typing_extensions instead of typing, while leaving Any imported from typing.
This preserves compatibility with the bundle’s Python 3.10 support.
---
Nitpick comments:
In `@src/bundles/docling/tests/test_docling_remote.py`:
- Around line 150-246: Add a dedicated process_files test that exercises the
successful HTTP-client creation path, not only blocked URLs. Configure a public
API URL and headers, stub hostname resolution and the relevant file-processing
response, then assert the captured client uses preserved headers,
follow_redirects=False, and an SSRFProtectedSyncTransport with the expected
pinned IPs; keep the existing _process_task_id coverage unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 2f8378d6-8441-42aa-a14c-25c71e348999
📒 Files selected for processing (2)
src/bundles/docling/src/lfx_docling/components/docling/docling_remote.pysrc/bundles/docling/tests/test_docling_remote.py
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## release-1.10.3 #14033 +/- ##
=================================================
Coverage ? 49.54%
=================================================
Files ? 2164
Lines ? 207753
Branches ? 15075
=================================================
Hits ? 102925
Misses ? 103343
Partials ? 1485
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Adam-Aghili
left a comment
There was a problem hiding this comment.
LGTM but 1 code rabbit issue is legitimate
* fix(kb): enforce per-user path containment * fix(security): protect Docling Serve outbound requests (#14033) * fix(security): protect Docling Serve requests * fix(docling): support Self on Python 3.10 * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fix(auth): verify current password on password changes (#14034) * fix(security): harden MCP stdio configuration (#14036) * fix(security): restrict MCP stdio package sources * fix(security): block MCP Docker host access * fix(security): validate embedded MCP stdio configs * fix: require executable-only MCP commands * test: use allowed MCP commands in timeout tests * fix(security): harden component code module access (#14032) * fix(security): harden component code module access * fix(security): block native FFI imports in generated code * fix: track module assignment aliases in code scanner * fix(security): address alias review findings * fix: correct deprecated model settings behavior (#14047) * fix: prevent deprecated model enablement * test: use supported model in credential cleanup * fix(voice): enforce flow authorization on websocket (#14043) * fix(security): block native FFI imports in generated code (#14040) * fix(security): block native FFI imports in generated code * fix: track module assignment aliases in code scanner * chore: resolve code security conflicts * fix(security): confine AssemblyAI audio file access (#14037) * fix(security): confine AssemblyAI audio file access * [autofix.ci] apply automated fixes * test: stub optional AssemblyAI dependency * fix(security): harden AssemblyAI file submission --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: track assignment aliases in component code scanner (#14041) fix: bind loop and comprehension aliases --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix(security): protect Docling Serve outbound requests (#14033) * fix(security): protect Docling Serve requests * fix(docling): support Self on Python 3.10 (cherry picked from commit 32bef8c) * fix(auth): verify current password on password changes (#14034) (cherry picked from commit 16725f0) * fix(security): harden component code module access (#14032) * fix(security): harden component code module access * fix(security): block native FFI imports in generated code * fix: track module assignment aliases in code scanner * fix(security): address alias review findings (cherry picked from commit 2016e4b) * fix: bind loop and comprehension aliases (cherry picked from commit 375ce63) * fix(voice): enforce flow authorization on websocket (#14043) (cherry picked from commit 229f86d) * fix(kb): enforce folder connector security settings (cherry picked from commit 917e390) * fix(kb): enforce per-user path containment (cherry picked from commit ec81655) * fix(security): confine AssemblyAI audio file access (#14037) Adapt the 1.10.3 fix to the lfx-bundles component path used by release-1.11.0. * fix(security): harden published image connector defaults * fix(lfx): register code execution aliases (cherry picked from commit cf13188) * fix(security): complete release-1.11 forward port * [autofix.ci] apply automated fixes * fix(security): protect SQL runtime configuration * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fix(security): address review gaps * test: align MCP command security fixtures * fix(voice): preserve public flow websocket access * chore: regenerate component metadata * chore: align generated component metadata --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Summary
Validation
uv build --package lfx-docling --wheelSummary by CodeRabbit
Bug Fixes
Tests