From 2cdf3f574cc785397126ffcd627ae736690a08e9 Mon Sep 17 00:00:00 2001 From: hanishkvc Date: Mon, 3 Nov 2025 14:35:23 +0530 Subject: [PATCH] SimpleChatTC:SimpleProxy: Validate deps wrt enabled service paths helps ensure only service paths that can be serviced are enabled Use same to check for pypdf wrt pdftext --- .../local.tools/simpleproxy.py | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/tools/server/public_simplechat/local.tools/simpleproxy.py b/tools/server/public_simplechat/local.tools/simpleproxy.py index 862951f56a..50a5691703 100644 --- a/tools/server/public_simplechat/local.tools/simpleproxy.py +++ b/tools/server/public_simplechat/local.tools/simpleproxy.py @@ -48,7 +48,11 @@ gConfigType = { gConfigNeeded = [ '--allowed.schemes', '--allowed.domains', '--bearer.insecure' ] -gAllowedCalls = [ "urltext", "urlraw", "pdftext" ] +gAllowedCalls = { + "urltext": [], + "urlraw": [], + "pdftext": [ "pypdf" ] + } def bearer_transform(): @@ -157,6 +161,7 @@ def handle_aum(ph: ProxyHandler, pr: urllib.parse.ParseResult): Handle requests to aum path, which is used in a simple way to verify that one is communicating with this proxy server """ + import importlib queryParams = urllib.parse.parse_qs(pr.query) url = queryParams['url'] print(f"DBUG:HandleAUM:Url:{url}") 
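Review bot: `gAllowedCalls` turns from a list into a dict with no comment saying what the values mean; a line above it such as `# service path -> modules that must import cleanly before the path is reported available` would document the contract handle_aum depends on. The commit message speaks of enabling only serviceable paths, but as far as this patch shows the table is consulted only by the aum availability check. Whether the pdftext handler itself refuses to run when pypdf is absent is not visible here and is worth confirming, since a client can skip the aum request. The code around the literal lies outside the hunk.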
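Review bot: handle_aum's docstring, visible in the context lines of the `@@ -157,6 +161,7 @@` hunk, still describes only the handshake, while the function now also probes the support modules of the requested service path. A sentence such as `Also rejects unknown service paths and reports an error when a required support module cannot be imported.` would keep it accurate. The `import importlib` would read better next to the module's other imports at the top of the file than inside the request handler. The docstring opens above this hunk and the function body continues below it.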
@@ -165,9 +170,15 @@ def handle_aum(ph: ProxyHandler, pr: urllib.parse.ParseResult):
 ph.send_error(400, f"WARN:HandleAUM:MissingUrl/UnknownQuery?!")
 return
 urlParts = url.split('.',1)
- if not (urlParts[0] in gAllowedCalls):
- ph.send_error(403, f"WARN:HandleAUM:Forbidded:{urlParts[0]}")
+ if gAllowedCalls.get(urlParts[0], None) == None:
+ ph.send_error(403, f"WARN:HandleAUM:Forbidden:{urlParts[0]}")
 return
+ for dep in gAllowedCalls[urlParts[0]]:
+ try:
+ importlib.import_module(dep)
+ except ImportError as exc:
+ ph.send_error(400, f"WARN:HandleAUM:{urlParts[0]}:Support module [{dep}] missing or has issues")
+ return
 print(f"INFO:HandleAUM:Availability ok for:{urlParts[0]}")
 ph.send_response_only(200, "bharatavarshe")
 ph.send_header('Access-Control-Allow-Origin', '*')
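Review bot: The 403 branch still copies `urlParts[0]`, which appears to come straight from the `url` query parameter, into the `send_error` message. If ProxyHandler is an `http.server` handler, as the method names suggest, that message is written into the status line as well as the error body, so a value carrying control or non-latin-1 characters can corrupt the response or fail during encoding. A fixed reply such as `ph.send_error(403, "WARN:HandleAUM:Forbidden")`, with the rejected name only printed server-side via `{urlParts[0]!r}`, avoids reflecting request data. In the new dependency loop only `ImportError` is caught and `exc` is never used, so a module that fails at import time for another reason escapes the handler and the operator sees no cause; consider `except Exception as exc:` followed by a `print` of `exc`, and a 5xx status such as 503 because the fault is on the server side. handle_aum starts and ends outside this hunk.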