fix(closet_llm): reject non-http(s) endpoints
LLMConfig accepted any URL scheme from LLM_ENDPOINT / --endpoint, so a misconfigured endpoint such as file:///etc/passwd would be passed straight to urllib.request.urlopen. Validate the scheme at construction time and raise ValueError on anything other than http/https, preserving the "privacy by architecture" guarantee. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Anthony Clendenen
committed by
Igor Lins e Silva
Igor Lins e Silva
parent
01880f674d
commit
b68485dfd4
@@ -40,6 +40,7 @@ import json
|
|||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
import time
|
import time
|
||||||
|
import urllib.parse
|
||||||
import urllib.request
|
import urllib.request
|
||||||
import urllib.error
|
import urllib.error
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
@@ -101,6 +102,14 @@ class LLMConfig:
|
|||||||
self.endpoint = (endpoint or os.environ.get("LLM_ENDPOINT", "")).rstrip("/")
|
self.endpoint = (endpoint or os.environ.get("LLM_ENDPOINT", "")).rstrip("/")
|
||||||
self.key = key or os.environ.get("LLM_KEY", "")
|
self.key = key or os.environ.get("LLM_KEY", "")
|
||||||
self.model = model or os.environ.get("LLM_MODEL", "")
|
self.model = model or os.environ.get("LLM_MODEL", "")
|
||||||
|
if self.endpoint:
|
||||||
|
# Privacy-by-architecture: reject file:// and other non-HTTP schemes
|
||||||
|
# so a misconfigured endpoint cannot exfiltrate local files.
|
||||||
|
scheme = urllib.parse.urlparse(self.endpoint).scheme.lower()
|
||||||
|
if scheme not in ("http", "https"):
|
||||||
|
raise ValueError(
|
||||||
|
f"LLM_ENDPOINT must use http:// or https:// (got scheme {scheme!r})"
|
||||||
|
)
|
||||||
|
|
||||||
def missing(self) -> list:
|
def missing(self) -> list:
|
||||||
missing = []
|
missing = []
|
||||||
|
|||||||
Reference in New Issue
Block a user